/**
 *
 */
import Util;
import OpenApi;
import OpenApiUtil;
import EndpointUtil;

extends OpenApi;


init(config: OpenApi.Config){
  super(config);
  @endpointRule = '';
  
  checkConfig(config);
  @endpoint = getEndpoint('cloud-siem', @regionId, @endpointRule, @network, @suffix, @endpointMap, @endpoint);
}

function getEndpoint(productId: string, regionId: string, endpointRule: string, network: string, suffix: string, endpointMap: map[string]string, endpoint: string) throws: string{
  if (!Util.empty(endpoint)) {
    return endpoint;
  }
  
  if (!Util.isUnset(endpointMap) && !Util.empty(endpointMap[regionId])) {
    return endpointMap[regionId];
  }
  return EndpointUtil.getEndpointRules(productId, regionId, endpointRule, network, suffix);
}

model DataProductListLogMapValue = {
  logCode?: string(name='LogCode', description='The code of the log.', example='cloud_siem_config_log'),
  logName?: string(name='LogName', description='This parameter is deprecated.', example='audit log'),
  logNameEn?: string(name='LogNameEn', description='This parameter is deprecated.', example='audit log'),
  logNameKey?: string(name='LogNameKey', description='The language code of the log that is used to indicate the language in which the log is displayed.', example='${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}'),
  status?: boolean(name='Status', description='The status of the log delivery. Valid values:

*   true: The logs are being delivered.
*   false: The log delivery feature is disabled.', example='true'),
  canOperateOrNot?: boolean(name='CanOperateOrNot', description='Indicates whether the log delivery feature can be enabled or disabled. The feature can be enabled or disabled only by the administrator of the threat analysis feature. Valid values:

*   true
*   false', example='true'),
  topic?: string(name='Topic', description='The topic of the log in the Logstore. The value is an index field in the Logstore that can be used to distinguish different logs.', example='sas_login_event'),
  extraParameters?: [ 
    {
      key?: string(name='Key', description='The ID of the extended parameter.', example='flag'),
      value?: string(name='Value', description='The value of the extended parameter.', example='value'),
    }
  ](name='ExtraParameters', description='The extended parameter.'),
}

model AddDataSourceRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider.

Valid values:

*   qcloud
*   hcloud
*   aliyun

This parameter is required.', example='hcloud'),
  dataSourceInstanceName?: string(name='DataSourceInstanceName', description='The name of the data source.', example='beijing_waf_kafka'),
  dataSourceInstanceParams?: string(name='DataSourceInstanceParams', description='The parameters of the data source. Set this parameter to a JSON array.', example='[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]'),
  dataSourceInstanceRemark?: string(name='DataSourceInstanceRemark', description='The remarks on the data source.', example='waf_alert_log'),
  dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   obs: Huawei Cloud Object Storage Service (OBS)
*   wafApi: download API of Tencent Cloud Web Application Firewall (WAF)
*   ckafka: Tencent Cloud Kafka (CKafka)', example='obs'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model AddDataSourceResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of data sources that are added. The value 1 indicates that data source is added, and a value less than or equal to 0 indicates that the data source failed to be added.', example='1'),
    dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model AddDataSourceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddDataSourceResponseBody(name='body'),
}

/**
 * @summary Adds a data source to a cloud account that is added to the threat analysis feature.
 *
 * @param request AddDataSourceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddDataSourceResponse
 */
async function addDataSourceWithOptions(request: AddDataSourceRequest, runtime: Util.RuntimeOptions): AddDataSourceResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceName)) {
    body['DataSourceInstanceName'] = request.dataSourceInstanceName;
  }
  if (!Util.isUnset(request.dataSourceInstanceParams)) {
    body['DataSourceInstanceParams'] = request.dataSourceInstanceParams;
  }
  if (!Util.isUnset(request.dataSourceInstanceRemark)) {
    body['DataSourceInstanceRemark'] = request.dataSourceInstanceRemark;
  }
  if (!Util.isUnset(request.dataSourceType)) {
    body['DataSourceType'] = request.dataSourceType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'AddDataSource',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds a data source to a cloud account that is added to the threat analysis feature.
 *
 * @param request AddDataSourceRequest
 * @return AddDataSourceResponse
 */
async function addDataSource(request: AddDataSourceRequest): AddDataSourceResponse {
  var runtime = new Util.RuntimeOptions{};
  return addDataSourceWithOptions(request, runtime);
}

model AddDataSourceLogRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.

This parameter is required.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  dataSourceInstanceLogs?: string(name='DataSourceInstanceLogs', description='The parameters of the data source. Set this parameter to a JSON array.

This parameter is required.', example='[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\\\"ParaCode\\\\":\\\\"api_name\\\\",\\\\"ParaValue\\\\":\\\\"GetAttackDownloadRecords\\\\"}]"}]'),
  logCode?: string(name='LogCode', description='The log code.', example='cloud_siem_waf_xxxxx'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model AddDataSourceLogResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of logs that are added. The value 1 indicates that the log is added, and a value less than or equal to 0 indicates that the log failed to be added.', example='1'),
    logInstanceId?: string(name='LogInstanceId', description='The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='ef33097c9d1fdb0b9c7e8c7ca320pkl1'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model AddDataSourceLogResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddDataSourceLogResponseBody(name='body'),
}

/**
 * @summary Adds logs of a cloud account to the threat analysis feature.
 *
 * @param request AddDataSourceLogRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddDataSourceLogResponse
 */
async function addDataSourceLogWithOptions(request: AddDataSourceLogRequest, runtime: Util.RuntimeOptions): AddDataSourceLogResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.dataSourceInstanceLogs)) {
    body['DataSourceInstanceLogs'] = request.dataSourceInstanceLogs;
  }
  if (!Util.isUnset(request.logCode)) {
    body['LogCode'] = request.logCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'AddDataSourceLog',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds logs of a cloud account to the threat analysis feature.
 *
 * @param request AddDataSourceLogRequest
 * @return AddDataSourceLogResponse
 */
async function addDataSourceLog(request: AddDataSourceLogRequest): AddDataSourceLogResponse {
  var runtime = new Util.RuntimeOptions{};
  return addDataSourceLogWithOptions(request, runtime);
}

model AddUserRequest {
  addedUserId?: long(name='AddedUserId', description='The ID of the cloud account.

This parameter is required.', example='123XXXXXXXX'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model AddUserResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the cloud account is added to the threat analysis feature.', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model AddUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddUserResponseBody(name='body'),
}

/**
 * @summary Adds a cloud account to the threat analysis feature for centralized management. After you add the account, you can use the account to perform operations that are supported by the threat analysis feature. For example, you can add logs of the account to the threat analysis feature.
 *
 * @param request AddUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUserResponse
 */
async function addUserWithOptions(request: AddUserRequest, runtime: Util.RuntimeOptions): AddUserResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.addedUserId)) {
    body['AddedUserId'] = request.addedUserId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'AddUser',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds a cloud account to the threat analysis feature for centralized management. After you add the account, you can use the account to perform operations that are supported by the threat analysis feature. For example, you can add logs of the account to the threat analysis feature.
 *
 * @param request AddUserRequest
 * @return AddUserResponse
 */
async function addUser(request: AddUserRequest): AddUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return addUserWithOptions(request, runtime);
}

model AddUserSourceLogConfigRequest {
  deleted?: int32(name='Deleted', description='Specifies whether to add logs or delete added logs. Valid values:

*   \\\\-1: deletes added logs.
*   0: adds logs.', example='0'),
  disPlayLine?: string(name='DisPlayLine', description='The display details of the Logstore.', example='cn-shanghai.siem-project.siem-logstore'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  sourceLogCode?: string(name='SourceLogCode', description='The log code.', example='cloud_siem_aegis_proc'),
  sourceLogInfo?: string(name='SourceLogInfo', description='The details of the Logstore that you want to use in the JSON string format.

This parameter is required.', example='{"project":"wafnew-project-1335759343513432-cn-hangzhou","logStore":"wafnew-logstore","regionCode":"cn-hangzhou","prodCode":"waf"}'),
  sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.', example='sas'),
  subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account.

This parameter is required.', example='123XXXXXX'),
}

model AddUserSourceLogConfigResponseBody = {
  data?: {
    diplayLine?: string(name='DiplayLine', description='The display details of the Logstore.', example='cn-shanghai.siem-project.siem-logstore'),
    displayed?: boolean(name='Displayed', description='Indicates whether the details of added logs are returned. Valid values: true false', example='0'),
    imported?: boolean(name='Imported', description='Indicates whether the logs are added to the threat analysis feature. Valid values: true false', example='0'),
    mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXXXXX'),
    sourceLogCode?: string(name='SourceLogCode', description='The log code.', example='cloud_siem_aegis_proc'),
    sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.', example='sas'),
    subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='123XXXXXXXX'),
    subUserName?: string(name='SubUserName', description='The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='sas_account_xxx'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model AddUserSourceLogConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddUserSourceLogConfigResponseBody(name='body'),
}

/**
 * @summary Adds the logs of a cloud service within a cloud account to the threat analysis feature for alert and event anslysis.
 *
 * @param request AddUserSourceLogConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUserSourceLogConfigResponse
 */
async function addUserSourceLogConfigWithOptions(request: AddUserSourceLogConfigRequest, runtime: Util.RuntimeOptions): AddUserSourceLogConfigResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.deleted)) {
    body['Deleted'] = request.deleted;
  }
  if (!Util.isUnset(request.disPlayLine)) {
    body['DisPlayLine'] = request.disPlayLine;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.sourceLogCode)) {
    body['SourceLogCode'] = request.sourceLogCode;
  }
  if (!Util.isUnset(request.sourceLogInfo)) {
    body['SourceLogInfo'] = request.sourceLogInfo;
  }
  if (!Util.isUnset(request.sourceProdCode)) {
    body['SourceProdCode'] = request.sourceProdCode;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'AddUserSourceLogConfig',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds the logs of a cloud service within a cloud account to the threat analysis feature for alert and event anslysis.
 *
 * @param request AddUserSourceLogConfigRequest
 * @return AddUserSourceLogConfigResponse
 */
async function addUserSourceLogConfig(request: AddUserSourceLogConfigRequest): AddUserSourceLogConfigResponse {
  var runtime = new Util.RuntimeOptions{};
  return addUserSourceLogConfigWithOptions(request, runtime);
}

model BatchJobSubmitRequest {
  jsonConfig?: string(name='JsonConfig', description='The detail config of task.', example='{{"autoSubmit":false,"configName":"test_builder","folderConfig":{"folderId":"rd-EUx7Qp","prodConfig":[{"allLogs":false,"allRegions":false,"logConfig":[{"logCode":"cloud_siem_rds_audit_log","logStorePattern":"vpc-test","projectPattern":"vpc-test"}],"prodCode":"rds","regions":["cn-shanghai"]},{"allLogs":true,"allRegions":true,"prodCode":"sas"}],"type":"folder"},"listenRdChange":false,"logConfigs":{"cloud_siem_rds_audit_log":{"logCode":"cloud_siem_rds_audit_log","logStorePattern":"vpc-test","projectPattern":"vpc-test"}}}}'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-shanghai'),
}

model BatchJobSubmitResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    configId?: string(name='ConfigId', description='The ID of the task configuration.', example='xxxx_folder_xxxx'),
    configList?: [ 
      {
        productList?: [ 
          {
            logList?: [ 
              {
                errorCode?: string(name='ErrorCode', description='The error code returned.', example='ProjectLogstoreNotFound'),
                logCode?: string(name='LogCode', description='The log code.', example='cloud_siem_cfw_flow'),
                logStoreNamePattern?: string(name='LogStoreNamePattern', description='The pattern of SLS log store name.', example='vpc-test-logstore'),
                productCode?: string(name='ProductCode', description='The code of product.', example='sas'),
                projectNamePattern?: string(name='ProjectNamePattern', description='The pattern of SLS project name.', example='vpc-test-project'),
                regionCode?: string(name='RegionCode', description='The ID of the region in which the instance resides.', example='cn-shanghai'),
              }
            ](name='LogList', description='The list of log.'),
            productCode?: string(name='ProductCode', description='The code of the product.', example='sas'),
          }
        ](name='ProductList', description='The list of product.'),
        userId?: long(name='UserId', description='The account id of aliyun.', example='123xxxxxx'),
      }
    ](name='ConfigList', description='The list of task configure.'),
    submitId?: string(name='SubmitId', description='The id of task.', example='BATCH_JOB_XXXXXX'),
    taskCount?: int32(name='TaskCount', description='The number of existing tasks that are created to add logs within the data source.', example='20'),
  }(name='Data', description='The data returned.'),
  errCode?: string(name='ErrCode', description='The error code.', example='ServerError'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='5B0DFF6D-XXXX'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model BatchJobSubmitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: BatchJobSubmitResponseBody(name='body'),
}

/**
 * @summary Configures log collection tasks based on resource directories.
 *
 * @param request BatchJobSubmitRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return BatchJobSubmitResponse
 */
async function batchJobSubmitWithOptions(request: BatchJobSubmitRequest, runtime: Util.RuntimeOptions): BatchJobSubmitResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.jsonConfig)) {
    body['JsonConfig'] = request.jsonConfig;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'BatchJobSubmit',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Configures log collection tasks based on resource directories.
 *
 * @param request BatchJobSubmitRequest
 * @return BatchJobSubmitResponse
 */
async function batchJobSubmit(request: BatchJobSubmitRequest): BatchJobSubmitResponse {
  var runtime = new Util.RuntimeOptions{};
  return batchJobSubmitWithOptions(request, runtime);
}

model BindAccountRequest {
  accessId?: string(name='AccessId', description='The AccessKey ID of the cloud account.

This parameter is required.', example='ABCXXXXXXXX'),
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  accountName?: string(name='AccountName', description='The username of the cloud account.

This parameter is required.', example='xxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud
*   qcloud: Tencent Cloud

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor'),
  roleType?: int32(name='RoleType'),
}

model BindAccountResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of the cloud accounts that are added to the threat analysis feature.', example='1'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model BindAccountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: BindAccountResponseBody(name='body'),
}

/**
 * @summary Adds a third-party cloud account that is displayed on the Multi-cloud assets tab of the Feature Settings page to the threat analysis feature.
 *
 * @param request BindAccountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return BindAccountResponse
 */
async function bindAccountWithOptions(request: BindAccountRequest, runtime: Util.RuntimeOptions): BindAccountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accessId)) {
    body['AccessId'] = request.accessId;
  }
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.accountName)) {
    body['AccountName'] = request.accountName;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'BindAccount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds a third-party cloud account that is displayed on the Multi-cloud assets tab of the Feature Settings page to the threat analysis feature.
 *
 * @param request BindAccountRequest
 * @return BindAccountResponse
 */
async function bindAccount(request: BindAccountRequest): BindAccountResponse {
  var runtime = new Util.RuntimeOptions{};
  return bindAccountWithOptions(request, runtime);
}

model CloseDeliveryRequest {
  logCode?: string(name='LogCode', description='The log code of the cloud service, such as the code of the process log for Security Center. You can obtain the log code from the response of the ListDelivery operation.', example='cloud_siem_aegis_proc'),
  productCode?: string(name='ProductCode', description='The code of the cloud service. Valid values:

*   qcloud_waf
*   qlcoud_cfw
*   hcloud_waf
*   hcloud_cfw
*   ddos
*   sas
*   cfw
*   config
*   csk
*   fc
*   rds
*   nas
*   apigateway
*   cdn
*   mongodb
*   eip
*   slb
*   vpc
*   actiontrail
*   waf
*   bastionhost
*   oss
*   polardb

This parameter is required.', example='sas'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model CloseDeliveryResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the threat analysis feature was disabled. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='F375A043-4F5B-55F2-A564-CC47FFC6****'),
}

model CloseDeliveryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CloseDeliveryResponseBody(name='body'),
}

/**
 * @summary Disables the log delivery feature for a cloud service.
 *
 * @param request CloseDeliveryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CloseDeliveryResponse
 */
async function closeDeliveryWithOptions(request: CloseDeliveryRequest, runtime: Util.RuntimeOptions): CloseDeliveryResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.logCode)) {
    body['LogCode'] = request.logCode;
  }
  if (!Util.isUnset(request.productCode)) {
    body['ProductCode'] = request.productCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'CloseDelivery',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Disables the log delivery feature for a cloud service.
 *
 * @param request CloseDeliveryRequest
 * @return CloseDeliveryResponse
 */
async function closeDelivery(request: CloseDeliveryRequest): CloseDeliveryResponse {
  var runtime = new Util.RuntimeOptions{};
  return closeDeliveryWithOptions(request, runtime);
}

model DeleteAutomateResponseConfigRequest {
  id?: long(name='Id', description='The ID of the rule.', example='123'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DeleteAutomateResponseConfigResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: string(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DeleteAutomateResponseConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteAutomateResponseConfigResponseBody(name='body'),
}

/**
 * @summary Deletes the automated response rule with a specified ID.
 *
 * @param request DeleteAutomateResponseConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteAutomateResponseConfigResponse
 */
async function deleteAutomateResponseConfigWithOptions(request: DeleteAutomateResponseConfigRequest, runtime: Util.RuntimeOptions): DeleteAutomateResponseConfigResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteAutomateResponseConfig',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes the automated response rule with a specified ID.
 *
 * @param request DeleteAutomateResponseConfigRequest
 * @return DeleteAutomateResponseConfigResponse
 */
async function deleteAutomateResponseConfig(request: DeleteAutomateResponseConfigRequest): DeleteAutomateResponseConfigResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteAutomateResponseConfigWithOptions(request, runtime);
}

model DeleteBindAccountRequest {
  accessId?: string(name='AccessId', description='The AccessKey ID of the cloud account.

This parameter is required.', example='ABCXXXXXXXX'),
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  bindId?: long(name='BindId', description='The ID generated when the account is added to the threat analysis feature. You can call the [ListBindAccount](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListBindAccount) operation to query the ID.', example='10'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor'),
  roleType?: int32(name='RoleType'),
}

model DeleteBindAccountResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of cloud accounts that are removed. The value 1 indicates that cloud account is removed, and a value less than or equal to 0 indicates that the cloud account failed to be removed.', example='1'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DeleteBindAccountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteBindAccountResponseBody(name='body'),
}

/**
 * @summary Removes a third-party cloud account that is added to the threat analysis feature by using its AccessKey ID. You can add another cloud account based on your business requirements.
 *
 * @param request DeleteBindAccountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteBindAccountResponse
 */
async function deleteBindAccountWithOptions(request: DeleteBindAccountRequest, runtime: Util.RuntimeOptions): DeleteBindAccountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accessId)) {
    body['AccessId'] = request.accessId;
  }
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.bindId)) {
    body['BindId'] = request.bindId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteBindAccount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes a third-party cloud account that is added to the threat analysis feature by using its AccessKey ID. You can add another cloud account based on your business requirements.
 *
 * @param request DeleteBindAccountRequest
 * @return DeleteBindAccountResponse
 */
async function deleteBindAccount(request: DeleteBindAccountRequest): DeleteBindAccountResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteBindAccountWithOptions(request, runtime);
}

model DeleteCustomizeRuleRequest {
  regionId?: string(name='RegionId', description='The region in which the service is deployed.', example='cn-shanghai'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ruleId?: long(name='RuleId', description='The ID of the rule.', example='123456789'),
}

model DeleteCustomizeRuleResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: int32(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DeleteCustomizeRuleResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteCustomizeRuleResponseBody(name='body'),
}

/**
 * @summary Deletes a rule by rule ID.
 *
 * @param request DeleteCustomizeRuleRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteCustomizeRuleResponse
 */
async function deleteCustomizeRuleWithOptions(request: DeleteCustomizeRuleRequest, runtime: Util.RuntimeOptions): DeleteCustomizeRuleResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleId)) {
    body['RuleId'] = request.ruleId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteCustomizeRule',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a rule by rule ID.
 *
 * @param request DeleteCustomizeRuleRequest
 * @return DeleteCustomizeRuleResponse
 */
async function deleteCustomizeRule(request: DeleteCustomizeRuleRequest): DeleteCustomizeRuleResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteCustomizeRuleWithOptions(request, runtime);
}

model DeleteDataSourceRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.

This parameter is required.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DeleteDataSourceResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of data sources that are removed. The value 1 indicates that data source is removed, and a value less than or equal to 0 indicates that the data source failed to be removed.', example='1'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DeleteDataSourceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteDataSourceResponseBody(name='body'),
}

/**
 * @summary Removes a data source that is no longer required.
 *
 * @param request DeleteDataSourceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteDataSourceResponse
 */
async function deleteDataSourceWithOptions(request: DeleteDataSourceRequest, runtime: Util.RuntimeOptions): DeleteDataSourceResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteDataSource',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes a data source that is no longer required.
 *
 * @param request DeleteDataSourceRequest
 * @return DeleteDataSourceResponse
 */
async function deleteDataSource(request: DeleteDataSourceRequest): DeleteDataSourceResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteDataSourceWithOptions(request, runtime);
}

model DeleteDataSourceLogRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.

This parameter is required.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  logInstanceId?: string(name='LogInstanceId', description='The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of logs.

This parameter is required.', example='ef33097c9d1fdb0b9c7e8c7ca320pkl1'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DeleteDataSourceLogResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of logs that are removed. The value 1 indicates that the log is removed, and a value less than or equal to 0 indicates that the log failed to be removed.', example='1'),
    logInstanceId?: string(name='LogInstanceId', description='The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='ef33097c9d1fdb0b9c7e8c7ca320pkl1'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DeleteDataSourceLogResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteDataSourceLogResponseBody(name='body'),
}

/**
 * @summary Removes a log.
 *
 * @param request DeleteDataSourceLogRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteDataSourceLogResponse
 */
async function deleteDataSourceLogWithOptions(request: DeleteDataSourceLogRequest, runtime: Util.RuntimeOptions): DeleteDataSourceLogResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.logInstanceId)) {
    body['LogInstanceId'] = request.logInstanceId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteDataSourceLog',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes a log.
 *
 * @param request DeleteDataSourceLogRequest
 * @return DeleteDataSourceLogResponse
 */
async function deleteDataSourceLog(request: DeleteDataSourceLogRequest): DeleteDataSourceLogResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteDataSourceLogWithOptions(request, runtime);
}

model DeleteUserRequest {
  addedUserId?: long(name='AddedUserId', description='The ID of the Alibaba Cloud account.

This parameter is required.', example='123XXXXXXXX'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DeleteUserResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the Alibaba Cloud account is removed. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DeleteUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserResponseBody(name='body'),
}

/**
 * @summary Removes an Alibaba Cloud account that is added to the threat analysis feature for centralized management. You can add the account to the feature again if required.
 *
 * @param request DeleteUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserResponse
 */
async function deleteUserWithOptions(request: DeleteUserRequest, runtime: Util.RuntimeOptions): DeleteUserResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.addedUserId)) {
    body['AddedUserId'] = request.addedUserId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteUser',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes an Alibaba Cloud account that is added to the threat analysis feature for centralized management. You can add the account to the feature again if required.
 *
 * @param request DeleteUserRequest
 * @return DeleteUserResponse
 */
async function deleteUser(request: DeleteUserRequest): DeleteUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteUserWithOptions(request, runtime);
}

model DeleteWhiteRuleListRequest {
  id?: long(name='Id', description='The unique ID of the whitelist rule.

This parameter is required.', example='123456789'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DeleteWhiteRuleListResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: any(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DeleteWhiteRuleListResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteWhiteRuleListResponseBody(name='body'),
}

/**
 * @summary Deletes an alert whitelist rule with a specified ID.
 *
 * @param request DeleteWhiteRuleListRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteWhiteRuleListResponse
 */
async function deleteWhiteRuleListWithOptions(request: DeleteWhiteRuleListRequest, runtime: Util.RuntimeOptions): DeleteWhiteRuleListResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DeleteWhiteRuleList',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes an alert whitelist rule with a specified ID.
 *
 * @param request DeleteWhiteRuleListRequest
 * @return DeleteWhiteRuleListResponse
 */
async function deleteWhiteRuleList(request: DeleteWhiteRuleListRequest): DeleteWhiteRuleListResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteWhiteRuleListWithOptions(request, runtime);
}

model DescribeAggregateFunctionRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAggregateFunctionResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      function?: string(name='Function', description='The aggregate function.', example='count'),
      functionName?: string(name='FunctionName', description='The display name of the aggregate function.', example='Count'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAggregateFunctionResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAggregateFunctionResponseBody(name='body'),
}

/**
 * @summary Queries the aggregate functions that are supported for a custom rule.
 *
 * @param request DescribeAggregateFunctionRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAggregateFunctionResponse
 */
async function describeAggregateFunctionWithOptions(request: DescribeAggregateFunctionRequest, runtime: Util.RuntimeOptions): DescribeAggregateFunctionResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAggregateFunction',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the aggregate functions that are supported for a custom rule.
 *
 * @param request DescribeAggregateFunctionRequest
 * @return DescribeAggregateFunctionResponse
 */
async function describeAggregateFunction(request: DescribeAggregateFunctionRequest): DescribeAggregateFunctionResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAggregateFunctionWithOptions(request, runtime);
}

model DescribeAlertSceneRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAlertSceneResponseBody = {
  code?: int32(name='Code', description='The response code.', example='200'),
  data?: [ 
    {
      alertName?: string(name='AlertName', description='The name of the alert. The value varies based on the display language (Chinese or English) of the Security Center console.', example='login_common_ip'),
      alertNameId?: string(name='AlertNameId', description='The ID of the alert name.', example='login_common_ip'),
      alertTile?: string(name='AlertTile', description='The title of the alert notification. The value varies based on the display language (Chinese or English) of the Security Center console.', example='unusual login-login_common_ip'),
      alertTileId?: string(name='AlertTileId', description='The ID of the alert title.', example='unusual login-login_common_ip'),
      alertType?: string(name='AlertType', description='The type of the alert. The value varies based on the display language (Chinese or English) of the Security Center console.', example='unusual login'),
      alertTypeId?: string(name='AlertTypeId', description='The ID of the alert type.', example='unusual login'),
      targets?: [ 
        {
          name?: string(name='Name', description='The display name of the attribute for the entity.', example='HOST UUID'),
          type?: string(name='Type', description='The attribute of the entity.', example='host_uuid'),
          value?: string(name='Value', description='The right operand that is displayed by default in the whitelist rule.', example='441862da-a539-4cc0-a00d-47395582****'),
          values?: [ string ](name='Values', description='The right operands supported by the whitelist rule.', example='["441862da-a539-4cc0-a00d-473955826881"]'),
        }
      ](name='Targets', description='The information about the entities for which you need to add the alert to the whitelist.', example='[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertSceneResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertSceneResponseBody(name='body'),
}

/**
 * @summary Queries the scenarios in which an alert needs to be added to the whitelist.
 *
 * @param request DescribeAlertSceneRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertSceneResponse
 */
async function describeAlertSceneWithOptions(request: DescribeAlertSceneRequest, runtime: Util.RuntimeOptions): DescribeAlertSceneResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertScene',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the scenarios in which an alert needs to be added to the whitelist.
 *
 * @param request DescribeAlertSceneRequest
 * @return DescribeAlertSceneResponse
 */
async function describeAlertScene(request: DescribeAlertSceneRequest): DescribeAlertSceneResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertSceneWithOptions(request, runtime);
}

model DescribeAlertSceneByEventRequest {
  incidentUuid?: string(name='IncidentUuid', description='The ID of the event.

This parameter is required.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAlertSceneByEventResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      alertName?: string(name='AlertName', description='The alert name. The display name of the alert name varies based on the language of the system, such as Chinese and English.', example='login_common_ip'),
      alertNameId?: string(name='AlertNameId', description='The ID of the alert name.', example='login_common_ip'),
      alertTile?: string(name='AlertTile', description='The alert title. The display name of the alert title varies based on the language of the system, such as Chinese and English.', example='Unusual Logon-login_common_ip'),
      alertTileId?: string(name='AlertTileId', description='The ID of the alert title.', example='Unusual Logon-login_common_ip'),
      alertType?: string(name='AlertType', description='The alert type. The display name of the alert type varies based on the language of the system, such as Chinese and English.', example='Unusual Logon'),
      alertTypeId?: string(name='AlertTypeId', description='The ID of the alert type.', example='Unusual Logon'),
      targets?: [ 
        {
          name?: string(name='Name', description='The display name of the entity attribute field that can be added to the whitelist.', example='host uuid'),
          type?: string(name='Type', description='The entity attribute field that can be added to the whitelist.', example='host_uuid'),
          value?: string(name='Value', description='The right operand that is displayed by default in the whitelist rule.', example='441862da-a539-4cc0-a00d-47395582****'),
          values?: [ string ](name='Values', description='The supported right operands of the whitelist rule.', example='["441862da-a539-4cc0-a00d-473955826881"]'),
        }
      ](name='Targets', description='The objects that can be added to the whitelist.', example='[{"Type": "host_uuid","Value": "441862da-a539-4cc0-a00d-473955826881","Values": ["441862da-a539-4cc0-a00d-473955826881"],"Name": "${aliyun.siem.entity.host_uuid}"}]'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertSceneByEventResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertSceneByEventResponseBody(name='body'),
}

/**
 * @summary Queries the scenarios and objects that can be added to an alert whitelist rule.
 *
 * @param request DescribeAlertSceneByEventRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertSceneByEventResponse
 */
async function describeAlertSceneByEventWithOptions(request: DescribeAlertSceneByEventRequest, runtime: Util.RuntimeOptions): DescribeAlertSceneByEventResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertSceneByEvent',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the scenarios and objects that can be added to an alert whitelist rule.
 *
 * @param request DescribeAlertSceneByEventRequest
 * @return DescribeAlertSceneByEventResponse
 */
async function describeAlertSceneByEvent(request: DescribeAlertSceneByEventRequest): DescribeAlertSceneByEventResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertSceneByEventWithOptions(request, runtime);
}

model DescribeAlertSourceRequest {
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  level?: [ string ](name='Level', description='The risk levels. The value is a JSON array. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='["serious","suspicious","remind"]'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
}

model DescribeAlertSourceResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      source?: string(name='Source', description='The internal code of the alert data source.', example='aliyun.siem.alert_datasource.sas'),
      sourceName?: string(name='SourceName', description='The name of the alert data source.', example='sas'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertSourceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertSourceResponseBody(name='body'),
}

/**
 * @summary Queries alert data sources.
 *
 * @param request DescribeAlertSourceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertSourceResponse
 */
async function describeAlertSourceWithOptions(request: DescribeAlertSourceRequest, runtime: Util.RuntimeOptions): DescribeAlertSourceResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.level)) {
    body['Level'] = request.level;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertSource',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries alert data sources.
 *
 * @param request DescribeAlertSourceRequest
 * @return DescribeAlertSourceResponse
 */
async function describeAlertSource(request: DescribeAlertSourceRequest): DescribeAlertSourceResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertSourceWithOptions(request, runtime);
}

model DescribeAlertSourceWithEventRequest {
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   Valid values: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAlertSourceWithEventResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      source?: string(name='Source', description='The internal code of the alert data source.', example='aliyun.siem.alert_datasource.sas'),
      sourceName?: string(name='SourceName', description='The name of the alert data source.', example='sas'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertSourceWithEventResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertSourceWithEventResponseBody(name='body'),
}

/**
 * @summary Queries the data sources of the alert that is associated with an event.
 *
 * @param request DescribeAlertSourceWithEventRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertSourceWithEventResponse
 */
async function describeAlertSourceWithEventWithOptions(request: DescribeAlertSourceWithEventRequest, runtime: Util.RuntimeOptions): DescribeAlertSourceWithEventResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertSourceWithEvent',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the data sources of the alert that is associated with an event.
 *
 * @param request DescribeAlertSourceWithEventRequest
 * @return DescribeAlertSourceWithEventResponse
 */
async function describeAlertSourceWithEvent(request: DescribeAlertSourceWithEventRequest): DescribeAlertSourceWithEventResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertSourceWithEventWithOptions(request, runtime);
}

model DescribeAlertTypeRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ruleType?: string(name='RuleType', description='The type of rule. Valid values:
- predefine: the defined rule by system
- customize: the customed rule by user', example='customize'),
}

model DescribeAlertTypeResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      alertType?: string(name='AlertType', description='The type of the risk.', example='WEBSHELL'),
      alertTypeMds?: string(name='AlertTypeMds', description='The internal code of the risk type.', example='siem_rule_type_process_abnormal_command'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertTypeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertTypeResponseBody(name='body'),
}

/**
 * @summary Queries the threat types that you can select when you create a custom rule.
 *
 * @param request DescribeAlertTypeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertTypeResponse
 */
async function describeAlertTypeWithOptions(request: DescribeAlertTypeRequest, runtime: Util.RuntimeOptions): DescribeAlertTypeResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleType)) {
    body['RuleType'] = request.ruleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertType',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the threat types that you can select when you create a custom rule.
 *
 * @param request DescribeAlertTypeRequest
 * @return DescribeAlertTypeResponse
 */
async function describeAlertType(request: DescribeAlertTypeRequest): DescribeAlertTypeResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertTypeWithOptions(request, runtime);
}

model DescribeAlertsRequest {
  alertTitle?: string(name='AlertTitle', description='The title of the alert.', example='Unusual Logon-login_common_account'),
  alertUuid?: string(name='AlertUuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  isDefend?: string(name='IsDefend', description='Specifies whether an attack is defended. Valid values:

*   0: detected.
*   1: blocked.', example='1'),
  level?: [ string ](name='Level', description='The risk level. The value is a JSON array. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='["serious","suspicious","remind"]'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  source?: string(name='Source', description='The source of the alert.', example='sas'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
  subUserId?: string(name='SubUserId', description='The ID of the Alibaba Cloud account within which the alert is generated.', example='176555323***'),
}

model DescribeAlertsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertDesc?: string(name='AlertDesc', description='The description of the alert.', example='The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.'),
        alertDescCode?: string(name='AlertDescCode', description='The internal code of the alert description.', example='security_event_config.event_name.webshell'),
        alertDescEn?: string(name='AlertDescEn', description='The description of the alert in English.', example='The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.'),
        alertDetail?: string(name='AlertDetail', description='The details of the alert.', example='{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}'),
        alertInfoList?: [ 
          {
            key?: string(name='Key', description='The attribute key.', example='suspicious.wbd.wb.trojanpath'),
            keyName?: string(name='KeyName', description='The name of the key.', example='Trojan Path'),
            values?: string(name='Values', description='The value of the key.', example='/root/test33.php'),
          }
        ](name='AlertInfoList', description='The displayed details of the alert.', example='aliyun'),
        alertLevel?: string(name='AlertLevel', description='The threat level. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='remind'),
        alertName?: string(name='AlertName', description='The name of the alert.', example='Try SNMP weak password'),
        alertNameCode?: string(name='AlertNameCode', description='The internal code of the alert name.', example='security_event_config.event_name.webshell'),
        alertNameEn?: string(name='AlertNameEn', description='The name of the alert in English.', example='Try SNMP weak password'),
        alertSrcProd?: string(name='AlertSrcProd', description='The service for which the alert associated with the event is generated.', example='sas'),
        alertSrcProdModule?: string(name='AlertSrcProdModule', description='The sub-module of ther alert source.', example='waf'),
        alertTitle?: string(name='AlertTitle', description='The title of the alert.', example='Scan-Try SNMP weak password'),
        alertTitleEn?: string(name='AlertTitleEn', description='The title of the alert in English.', example='Scan-Try SNMP weak password'),
        alertType?: string(name='AlertType', description='The alert type.', example='Scan'),
        alertTypeCode?: string(name='AlertTypeCode', description='The internal code of the alert type.', example='security_event_config.event_name.webshellName'),
        alertTypeEn?: string(name='AlertTypeEn', description='The type of the alert in English.', example='Scan'),
        alertUuid?: string(name='AlertUuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
        assetList?: string(name='AssetList', description='The details of the asset.', example='[
      {
            "is_main_asset": "1",
            "asset_name": "47.245.*",
            "port": "22",
            "ip": "47.245.*",
            "asset_type": "ip",
            "location": "ap-southeast-1",
            "asset_id": "47.245.*",
            "net_connect_dir": "in"
      }
]'),
        attCk?: string(name='AttCk', description='The tag of the ATT\\\\&CK attack.', example='T1595.002 Vulnerability Scanning'),
        cloudCode?: string(name='CloudCode', description='The cloud code. Valid values:

*   aliyun: Alibaba Cloud
*   qcloud: Tencent Cloud
*   hcloud: Huawei Cloud', example='aliyun'),
        endTime?: string(name='EndTime', description='The time when the alert was closed.', example='2021-01-06 16:37:29'),
        gmtCreate?: string(name='GmtCreate', description='The time when the alert was received.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the alert was last updated.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The unique ID of the alert.', example='123456789'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        isDefend?: string(name='IsDefend', description='Indicates whether an attack is defended. Valid values:

*   0: detected.
*   1: blocked.', example='1'),
        logTime?: string(name='LogTime', description='The time when the alert was recorded.', example='2021-01-06 16:37:29'),
        logUuid?: string(name='LogUuid', description='The UUID of the alert log.', example='cfw_d12e285a-a042-4d7e-be89-f8a795ef****'),
        mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is associated with the alert in SIEM.', example='127608589417****'),
        occurTime?: string(name='OccurTime', description='The time when the alert is triggered.', example='2021-01-06 16:37:29'),
        startTime?: string(name='StartTime', description='The time at which the alert was first generated.', example='2021-01-06 16:37:29'),
        subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account within which the alert is generated.', example='176555323***'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertsResponseBody(name='body'),
}

/**
 * @summary Queries alerts within your account.
 *
 * @param request DescribeAlertsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertsResponse
 */
async function describeAlertsWithOptions(request: DescribeAlertsRequest, runtime: Util.RuntimeOptions): DescribeAlertsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.alertTitle)) {
    body['AlertTitle'] = request.alertTitle;
  }
  if (!Util.isUnset(request.alertUuid)) {
    body['AlertUuid'] = request.alertUuid;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.isDefend)) {
    body['IsDefend'] = request.isDefend;
  }
  if (!Util.isUnset(request.level)) {
    body['Level'] = request.level;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.source)) {
    body['Source'] = request.source;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlerts',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries alerts within your account.
 *
 * @param request DescribeAlertsRequest
 * @return DescribeAlertsResponse
 */
async function describeAlerts(request: DescribeAlertsRequest): DescribeAlertsResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertsWithOptions(request, runtime);
}

model DescribeAlertsCountRequest {
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
}

model DescribeAlertsCountResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    all?: long(name='All', description='The total number of alerts.', example='75'),
    high?: long(name='High', description='The number of high-risk alerts.', example='25'),
    low?: long(name='Low', description='The number of low-risk alerts.', example='25'),
    medium?: long(name='Medium', description='The number of medium-risk alerts.', example='25'),
    productNum?: int32(name='ProductNum', description='The number of connected services.', example='3'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertsCountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertsCountResponseBody(name='body'),
}

/**
 * @summary Queries the number of alerts of different severities.
 *
 * @param request DescribeAlertsCountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertsCountResponse
 */
async function describeAlertsCountWithOptions(request: DescribeAlertsCountRequest, runtime: Util.RuntimeOptions): DescribeAlertsCountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertsCount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of alerts of different severities.
 *
 * @param request DescribeAlertsCountRequest
 * @return DescribeAlertsCountResponse
 */
async function describeAlertsCount(request: DescribeAlertsCountRequest): DescribeAlertsCountResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertsCountWithOptions(request, runtime);
}

model DescribeAlertsWithEntityRequest {
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  entityId?: long(name='EntityId', description='The ID of the entity.', example='123456789'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  sophonTaskId?: string(name='SophonTaskId', description='The ID of the SOAR handing policy.', example='577bbf90-a770-44a7-8154-586aa2d318fa'),
}

model DescribeAlertsWithEntityResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertDesc?: string(name='AlertDesc', description='The description of the alert.', example='The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.'),
        alertDescCode?: string(name='AlertDescCode', description='The internal code of the alert description.', example='security_event_config.event_name.webshell'),
        alertDescEn?: string(name='AlertDescEn', description='The alert description in English.', example='The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.'),
        alertDetail?: string(name='AlertDetail', description='The details of the alert.', example='{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}'),
        alertInfoList?: [ 
          {
            key?: string(name='Key', description='The attribute key.', example='suspicious.wbd.wb.trojanpath'),
            keyName?: string(name='KeyName', description='The name of the key.', example='Trojan Path'),
            values?: string(name='Values', description='The value of the key.', example='/root/test33.php'),
          }
        ](name='AlertInfoList', description='The displayed details of the alert.', example='aliyun'),
        alertLevel?: string(name='AlertLevel', description='The risk level. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='remind'),
        alertName?: string(name='AlertName', description='The name of the alert.', example='Try SNMP weak password'),
        alertNameCode?: string(name='AlertNameCode', description='The internal code of the alert name.', example='security_event_config.event_name.webshell'),
        alertNameEn?: string(name='AlertNameEn', description='The name of the alert.', example='Try SNMP weak password'),
        alertSrcProd?: string(name='AlertSrcProd', description='The source of the alert.', example='sas'),
        alertSrcProdModule?: string(name='AlertSrcProdModule', description='The sub-module of the alert source.', example='waf'),
        alertTitle?: string(name='AlertTitle', description='The title of the alert.', example='Scan-Try SNMP weak password'),
        alertTitleEn?: string(name='AlertTitleEn', description='The alert title in English.', example='Scan-Try SNMP weak password'),
        alertType?: string(name='AlertType', description='The type of the alert.', example='Scan'),
        alertTypeCode?: string(name='AlertTypeCode', description='The internal code of the alert type.', example='security_event_config.event_name.webshellName'),
        alertTypeEn?: string(name='AlertTypeEn', description='The alert type in English.', example='Scan'),
        alertUuid?: string(name='AlertUuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
        assetList?: string(name='AssetList', description='The details of the asset.', example='[
      {
            "is_main_asset": "1",
            "asset_name": "47.245.*",
            "port": "22",
            "ip": "47.245.*",
            "asset_type": "ip",
            "location": "ap-southeast-1",
            "asset_id": "47.245.*",
            "net_connect_dir": "in"
      }
]'),
        attCk?: string(name='AttCk', description='The tag of the ATT\\\\&CK attack.', example='T1595.002 Vulnerability Scanning'),
        cloudCode?: string(name='CloudCode', description='The cloud code. Valid values:

*   aliyun: Alibaba Cloud
*   qcloud: Tencent Cloud
*   hcloud: Huawei Cloud', example='aliyun'),
        endTime?: string(name='EndTime', description='The time when the alert was closed.', example='2021-01-06 16:37:29'),
        gmtCreate?: string(name='GmtCreate', description='The time when the alert was received.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the alert was last updated.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The unique ID of the alert.', example='123456789'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        isDefend?: string(name='IsDefend', description='Specifies whether an attack is defended. Valid values:

*   0: detected
*   1: blocked', example='1'),
        logTime?: string(name='LogTime', description='The time when the alert was recorded.', example='2021-01-06 16:37:29'),
        logUuid?: string(name='LogUuid', description='The UUID of the alert log.', example='cfw_d12e285a-a042-4d7e-be89-f8a795ef****'),
        mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is associated with the alert in SIEM.', example='127608589417****'),
        occurTime?: string(name='OccurTime', description='The time when the alert was triggered.', example='2021-01-06 16:37:29'),
        startTime?: string(name='StartTime', description='The time at which the alert was first generated.', example='2021-01-06 16:37:29'),
        subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account within which the alert is generated.', example='176555323***'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertsWithEntityResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertsWithEntityResponseBody(name='body'),
}

/**
 * @summary Queries the alerts that are associated with an entity.
 *
 * @param request DescribeAlertsWithEntityRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertsWithEntityResponse
 */
async function describeAlertsWithEntityWithOptions(request: DescribeAlertsWithEntityRequest, runtime: Util.RuntimeOptions): DescribeAlertsWithEntityResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.entityId)) {
    body['EntityId'] = request.entityId;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.sophonTaskId)) {
    body['SophonTaskId'] = request.sophonTaskId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertsWithEntity',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the alerts that are associated with an entity.
 *
 * @param request DescribeAlertsWithEntityRequest
 * @return DescribeAlertsWithEntityResponse
 */
async function describeAlertsWithEntity(request: DescribeAlertsWithEntityRequest): DescribeAlertsWithEntityResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertsWithEntityWithOptions(request, runtime);
}

model DescribeAlertsWithEventRequest {
  alertTitle?: string(name='AlertTitle', description='The title of the alert.', example='Scan-Try SNMP weak password'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  incidentUuid?: string(name='IncidentUuid', description='The ID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  isDefend?: string(name='IsDefend', description='Specifies whether an attack is defended. Valid values:

*   0: detected
*   1: blocked', example='1'),
  level?: [ string ](name='Level', description='The risk levels. The value is a JSON array. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='["serious","suspicious","remind"]'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the member in the resource directory.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view.

*   0: view of the current Alibaba Cloud account.
*   1: view of all accounts for the enterprise.', example='1'),
  source?: string(name='Source', description='The data source of the alert.', example='sas'),
  subUserId?: long(name='SubUserId', description='The ID of the account within which the alert is generated.', example='176555323***'),
}

model DescribeAlertsWithEventResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertDesc?: string(name='AlertDesc', description='The description of the alert.', example='The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.'),
        alertDescCode?: string(name='AlertDescCode', description='The internal code of the alert description.', example='security_event_config.event_name.webshell'),
        alertDescEn?: string(name='AlertDescEn', description='The alert description in English.', example='The detection model found a suspicious Webshell file on your server, which may be a backdoor file implanted to maintain permissions after the attacker successfully invaded the website.'),
        alertDetail?: string(name='AlertDetail', description='The details of the alert.', example='{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "21.92.*.*"}'),
        alertInfoList?: [ 
          {
            key?: string(name='Key', description='The attribute key.', example='suspicious.wbd.wb.trojanpath'),
            keyName?: string(name='KeyName', description='The name of the key.', example='Trojan Path'),
            values?: string(name='Values', description='The value of the key.', example='/root/test33.php'),
          }
        ](name='AlertInfoList', description='The displayed details of the alert.', example='aliyun'),
        alertLevel?: string(name='AlertLevel', description='The risk level. Valid values:

*   serious: high.
*   suspicious: medium.
*   remind: low.', example='remind'),
        alertName?: string(name='AlertName', description='The name of the alert.', example='Try SNMP weak password'),
        alertNameCode?: string(name='AlertNameCode', description='The internal code of the alert name.', example='security_event_config.event_name.webshell'),
        alertNameEn?: string(name='AlertNameEn', description='The alert name in English.', example='Try SNMP weak password'),
        alertSrcProd?: string(name='AlertSrcProd', description='The source of the alert.', example='sas'),
        alertSrcProdModule?: string(name='AlertSrcProdModule', description='The sub-module of the alert source.', example='waf'),
        alertTitle?: string(name='AlertTitle', description='The title of the alert.', example='Scan-Try SNMP weak password'),
        alertTitleEn?: string(name='AlertTitleEn', description='The alert title in English.', example='Scan-Try SNMP weak password'),
        alertType?: string(name='AlertType', description='The type of the alert.', example='Scan'),
        alertTypeCode?: string(name='AlertTypeCode', description='The internal code of the alert type.', example='security_event_config.event_name.webshellName'),
        alertTypeEn?: string(name='AlertTypeEn', description='The alert type in English.', example='Scan'),
        alertUuid?: string(name='AlertUuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
        assetList?: string(name='AssetList', description='The details of the asset.', example='[
      {
            "is_main_asset": "1",
            "asset_name": "47.245.*",
            "port": "22",
            "ip": "47.245.*",
            "asset_type": "ip",
            "location": "ap-southeast-1",
            "asset_id": "47.245.*",
            "net_connect_dir": "in"
      }
]'),
        attCk?: string(name='AttCk', description='The tag of the ATT\\\\&CK technique.', example='T1595.002 Vulnerability Scanning'),
        cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   aliyun: Alibaba Cloud.
*   qcloud: Tencent Cloud.
*   hcloud: Huawei Cloud.', example='aliyun'),
        endTime?: string(name='EndTime', description='The time when the alert was closed.', example='2021-01-06 16:37:29'),
        entityList?: string(name='EntityList', description='The details of the entity.', example='[{&quot;entity_user_id&quot;:&quot;198921674491****&quot;,&quot;entity_account_id&quot;:&quot;N/A&quot;,&quot;entity_uuid&quot;:&quot;6245f979d5dd9ef8dd19bdc72228****&quot;,&quot;entity_type&quot;:&quot;host&quot;,&quot;entity_name&quot;:&quot;zhh-test-20240409&quot;,&quot;is_comprised&quot;:&quot;1&quot;,&quot;os_type&quot;:&quot;linux&quot;,&quot;entity_id&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_uuid&quot;:&quot;a88f44dd-b8d4-4ded-831c-77a4835****&quot;,&quot;host_name&quot;:&quot;zhh-test-2024****&quot;}]'),
        gmtCreate?: string(name='GmtCreate', description='The time when the alert was received.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the alert was last updated.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The unique ID of the alert.', example='123456789'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        isDefend?: string(name='IsDefend', description='Indicates whether an attack is defended against. Valid values:

*   0: detected.
*   1: blocked.', example='1'),
        logTime?: string(name='LogTime', description='The time when the alert was recorded.', example='2021-01-06 16:37:29'),
        logUuid?: string(name='LogUuid', description='The UUID of the alert log.', example='cfw_d12e285a-a042-4d7e-be89-f8a795ef****'),
        mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is associated with the alert in SIEM.', example='127608589417****'),
        occurTime?: string(name='OccurTime', description='The time when the alert was triggered.', example='2021-01-06 16:37:29'),
        startTime?: string(name='StartTime', description='The time at which the alert was first generated.', example='2021-01-06 16:37:29'),
        subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account within which the alert is generated.', example='176555323***'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAlertsWithEventResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAlertsWithEventResponseBody(name='body'),
}

/**
 * @summary Queries the alerts that are associated with an event.
 *
 * @param request DescribeAlertsWithEventRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAlertsWithEventResponse
 */
async function describeAlertsWithEventWithOptions(request: DescribeAlertsWithEventRequest, runtime: Util.RuntimeOptions): DescribeAlertsWithEventResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.alertTitle)) {
    body['AlertTitle'] = request.alertTitle;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.isDefend)) {
    body['IsDefend'] = request.isDefend;
  }
  if (!Util.isUnset(request.level)) {
    body['Level'] = request.level;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.source)) {
    body['Source'] = request.source;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAlertsWithEvent',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the alerts that are associated with an event.
 *
 * @param request DescribeAlertsWithEventRequest
 * @return DescribeAlertsWithEventResponse
 */
async function describeAlertsWithEvent(request: DescribeAlertsWithEventRequest): DescribeAlertsWithEventResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAlertsWithEventWithOptions(request, runtime);
}

model DescribeAttackTimeLineRequest {
  assetName?: string(name='AssetName', description='The name of the asset.', example='zsw-agentless-centos****'),
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  incidentUuid?: string(name='IncidentUuid', description='The ID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577803000000'),
}

model DescribeAttackTimeLineResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      alertLevel?: string(name='AlertLevel', description='The risk level. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='remind'),
      alertName?: string(name='AlertName', description='The alert name in English.', example='Try SNMP weak password'),
      alertNameCode?: string(name='AlertNameCode', description='The internal code of the alert name.', example='security_event_config.event_name.webshell'),
      alertNameEn?: string(name='AlertNameEn', description='The alert name in English.', example='Try SNMP weak password'),
      alertSrcProd?: string(name='AlertSrcProd', description='The source of the alert.', example='sas'),
      alertSrcProdModule?: string(name='AlertSrcProdModule', description='The sub-module of the alert source.', example='waf'),
      alertTime?: long(name='AlertTime', description='The time when the alert was triggered.', example='2021-01-06 16:37:29'),
      alertTitle?: string(name='AlertTitle', description='The title of the alert.', example='Scan-Try SNMP weak password'),
      alertTitleEn?: string(name='AlertTitleEn', description='The alert title in English.', example='Scan-Try SNMP weak password'),
      alertType?: string(name='AlertType', description='The type of the alert.', example='Scan'),
      alertTypeCode?: string(name='AlertTypeCode', description='The internal code of the alert type.', example='security_event_config.event_name.webshellName'),
      alertTypeEn?: string(name='AlertTypeEn', description='The alert type in English.', example='Scan'),
      alertUuid?: string(name='AlertUuid', description='The UUID of the alert', example='sas_71e24437d2797ce8fc59692905a4****'),
      assetId?: string(name='AssetId', description='The logical ID of the asset.', example='0616caeb-acb8-45e0-8520-4ee5fbe251f0'),
      assetList?: string(name='AssetList', description='The details of the asset.', example='[
      {
            "is_main_asset": "1",
            "asset_name": "47.245.*",
            "port": "22",
            "ip": "47.245.*",
            "asset_type": "ip",
            "location": "ap-southeast-1",
            "asset_id": "47.245.*",
            "net_connect_dir": "in"
      }
]'),
      assetName?: string(name='AssetName', description='The name of the asset.', example='zsw-agentless-centos****'),
      attCk?: string(name='AttCk', description='The tag of the ATT\\\\&CK attack.', example='T1595.002 Vulnerability Scanning'),
      cloudCode?: string(name='CloudCode', description='The cloud code. Valid values:

*   aliyun: Alibaba Cloud
*   qcloud: Tencent Cloud
*   hcloud: Huawei Cloud', example='aliyun'),
      incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
      logTime?: string(name='LogTime', description='The time when the alert was recorded.', example='2021-01-06 16:37:29'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAttackTimeLineResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAttackTimeLineResponseBody(name='body'),
}

/**
 * @summary Queries the timeline of the alerts that are associated with an event.
 *
 * @param request DescribeAttackTimeLineRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAttackTimeLineResponse
 */
async function describeAttackTimeLineWithOptions(request: DescribeAttackTimeLineRequest, runtime: Util.RuntimeOptions): DescribeAttackTimeLineResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.assetName)) {
    body['AssetName'] = request.assetName;
  }
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAttackTimeLine',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the timeline of the alerts that are associated with an event.
 *
 * @param request DescribeAttackTimeLineRequest
 * @return DescribeAttackTimeLineResponse
 */
async function describeAttackTimeLine(request: DescribeAttackTimeLineRequest): DescribeAttackTimeLineResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAttackTimeLineWithOptions(request, runtime);
}

model DescribeAuthRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DescribeAuthResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the SIEM system is granted the required permissions. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='4F539347-7D9A-51EA-8ABF-5D5507045C5C'),
}

model DescribeAuthResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAuthResponseBody(name='body'),
}

/**
 * @summary Checks whether the security information and event management (SIEM) system is granted the required permissions to access other cloud resources within your Alibaba Cloud account and whether the AliyunServiceRoleForSasCloudSiem service-linked role is created.
 *
 * @param request DescribeAuthRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAuthResponse
 */
async function describeAuthWithOptions(request: DescribeAuthRequest, runtime: Util.RuntimeOptions): DescribeAuthResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAuth',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Checks whether the security information and event management (SIEM) system is granted the required permissions to access other cloud resources within your Alibaba Cloud account and whether the AliyunServiceRoleForSasCloudSiem service-linked role is created.
 *
 * @param request DescribeAuthRequest
 * @return DescribeAuthResponse
 */
async function describeAuth(request: DescribeAuthRequest): DescribeAuthResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAuthWithOptions(request, runtime);
}

model DescribeAutomateResponseConfigCounterRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAutomateResponseConfigCounterResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    all?: long(name='All', description='The total number of rules.', example='20'),
    online?: long(name='Online', description='The number of enabled rules.', example='10'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAutomateResponseConfigCounterResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAutomateResponseConfigCounterResponseBody(name='body'),
}

/**
 * @summary Queries the number of automated response rules.
 *
 * @param request DescribeAutomateResponseConfigCounterRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAutomateResponseConfigCounterResponse
 */
async function describeAutomateResponseConfigCounterWithOptions(request: DescribeAutomateResponseConfigCounterRequest, runtime: Util.RuntimeOptions): DescribeAutomateResponseConfigCounterResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAutomateResponseConfigCounter',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of automated response rules.
 *
 * @param request DescribeAutomateResponseConfigCounterRequest
 * @return DescribeAutomateResponseConfigCounterResponse
 */
async function describeAutomateResponseConfigCounter(request: DescribeAutomateResponseConfigCounterRequest): DescribeAutomateResponseConfigCounterResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAutomateResponseConfigCounterWithOptions(request, runtime);
}

model DescribeAutomateResponseConfigFeatureRequest {
  autoResponseType?: string(name='AutoResponseType', description='The type of the automated response rule. Valid values:

*   event
*   alert', example='event'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAutomateResponseConfigFeatureResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      dataType?: string(name='DataType', description='The data type of the condition field in the automated response rule.', example='varchar'),
      feature?: string(name='Feature', description='The name of the condition field in the automated response rule.', example='alert_desc'),
      rightValueEnums?: [ 
        {
          value?: string(name='Value', description='The enumerated value of the right operand.', example='serious'),
          valueMds?: string(name='ValueMds', description='The internal code of the enumerated value.', example='aliyun.siem.automate.feature.alert_level.serious'),
        }
      ](name='RightValueEnums', description='The enumerated values of the right operand for the field.'),
      supportOperators?: [ 
        {
          hasRightValue?: boolean(name='HasRightValue', description='Indicates whether the right operand is required. Valid values:

*   true
*   false', example='false'),
          index?: int32(name='Index', description='The position of the operator in the operator list.', example='3'),
          operator?: string(name='Operator', description='The operator.', example='<='),
          operatorDescCn?: string(name='OperatorDescCn', description='The description of the operator in Chinese.', example='larger than or equal to'),
          operatorDescEn?: string(name='OperatorDescEn', description='The description of the operator in English.', example='larger than or equal to'),
          operatorName?: string(name='OperatorName', description='The name of the operator.', example='<='),
          supportDataType?: string(name='SupportDataType', description='The data types that are supported by the operator. The data types are separated by commas (,).', example='varchar'),
          supportTag?: [ string ](name='SupportTag', description='The scenarios that are supported by the operator. Multiple scenarios are separated by commas (,), such as aggregation scenarios. By default, this parameter is empty.', example='[AGGREGATE]'),
        }
      ](name='SupportOperators', description='The operators that are supported for the condition field.'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAutomateResponseConfigFeatureResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAutomateResponseConfigFeatureResponseBody(name='body'),
}

/**
 * @summary Queries the configurable fields and operators of an automated response rule.
 *
 * @param request DescribeAutomateResponseConfigFeatureRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAutomateResponseConfigFeatureResponse
 */
async function describeAutomateResponseConfigFeatureWithOptions(request: DescribeAutomateResponseConfigFeatureRequest, runtime: Util.RuntimeOptions): DescribeAutomateResponseConfigFeatureResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.autoResponseType)) {
    body['AutoResponseType'] = request.autoResponseType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAutomateResponseConfigFeature',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the configurable fields and operators of an automated response rule.
 *
 * @param request DescribeAutomateResponseConfigFeatureRequest
 * @return DescribeAutomateResponseConfigFeatureResponse
 */
async function describeAutomateResponseConfigFeature(request: DescribeAutomateResponseConfigFeatureRequest): DescribeAutomateResponseConfigFeatureResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAutomateResponseConfigFeatureWithOptions(request, runtime);
}

model DescribeAutomateResponseConfigPlayBooksRequest {
  autoResponseType?: string(name='AutoResponseType', description='The type of the automated response rule. Valid values:

*   event
*   alert', example='event'),
  entityType?: string(name='EntityType', description='The entity type of the playbook. Valid values:

*   ip
*   process
*   file', example='ip'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeAutomateResponseConfigPlayBooksResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      description?: string(name='Description', description='The description of the playbook.', example='Waf Block IP'),
      displayName?: string(name='DisplayName', description='The display name of the playbook.', example='WafBlockIP'),
      name?: string(name='Name', description='The unique identifier name of the playbook.', example='WafBlockIP'),
      paramType?: string(name='ParamType', description='The input parameter template of the playbook. Valid values:

*   template-ip: IP address
*   template-process: process
*   template-filee: file', example='template-ip'),
      uuid?: string(name='Uuid', description='The UUID of the playbook.', example='system_aliyun_clb_process_book'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeAutomateResponseConfigPlayBooksResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeAutomateResponseConfigPlayBooksResponseBody(name='body'),
}

/**
 * @summary Queries user-defined playbooks.
 *
 * @param request DescribeAutomateResponseConfigPlayBooksRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeAutomateResponseConfigPlayBooksResponse
 */
async function describeAutomateResponseConfigPlayBooksWithOptions(request: DescribeAutomateResponseConfigPlayBooksRequest, runtime: Util.RuntimeOptions): DescribeAutomateResponseConfigPlayBooksResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.autoResponseType)) {
    body['AutoResponseType'] = request.autoResponseType;
  }
  if (!Util.isUnset(request.entityType)) {
    body['EntityType'] = request.entityType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeAutomateResponseConfigPlayBooks',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries user-defined playbooks.
 *
 * @param request DescribeAutomateResponseConfigPlayBooksRequest
 * @return DescribeAutomateResponseConfigPlayBooksResponse
 */
async function describeAutomateResponseConfigPlayBooks(request: DescribeAutomateResponseConfigPlayBooksRequest): DescribeAutomateResponseConfigPlayBooksResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeAutomateResponseConfigPlayBooksWithOptions(request, runtime);
}

model DescribeCloudSiemAssetsRequest {
  assetType?: string(name='AssetType', description='The type of the asset. Valid values:

*   ip
*   domain
*   url
*   process
*   file
*   host', example='ip'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeCloudSiemAssetsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertUuid?: string(name='AlertUuid', description='The UUID of the alert associated with the event.', example='sas_71e24437d2797ce8fc59692905a4****'),
        aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account in SIEM.', example='1276085894174392'),
        assetId?: string(name='AssetId', description='The logical ID of the asset.', example='0616caeb-acb8-45e0-8520-4ee5fbe251f0'),
        assetInfo?: [ 
          {
            key?: string(name='Key', description='The attribute key.', example='suspicious.wbd.wb.trojanpath'),
            keyName?: string(name='KeyName', description='The name of the key.', example='Trojan Path'),
            values?: string(name='Values', description='The value of the key.', example='/root/test33.php'),
          }
        ](name='AssetInfo', description='The display information of the asset is in the JSON format.', example='[{"KeyName": "${aliyun.siem.asset.asset_name}","Values": "zsw-agentless-ubuntu20","Key": "asset_name"}]'),
        assetName?: string(name='AssetName', description='The name of the asset.', example='zsw-agentless-centos****'),
        assetType?: string(name='AssetType', description='The type of the asset. Valid values:

*   ip
*   domain
*   url
*   process
*   file
*   host', example='domain'),
        cloudCode?: string(name='CloudCode', description='The cloud code of the entity. Valid values:

*   aliyun: Alibaba Cloud
*   qcloud: Tencent Cloud
*   hcloud: Huawei Cloud', example='aliyun'),
        gmtCreate?: string(name='GmtCreate', description='The time when the asset was synchronized.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the asset was last updated.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The ID of the asset.', example='123'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        subUserId?: long(name='SubUserId', description='The ID of the associated account to which the asset belongs.', example='176555323***'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCloudSiemAssetsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCloudSiemAssetsResponseBody(name='body'),
}

/**
 * @summary Queries the assets that are associated with an event.
 *
 * @param request DescribeCloudSiemAssetsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCloudSiemAssetsResponse
 */
async function describeCloudSiemAssetsWithOptions(request: DescribeCloudSiemAssetsRequest, runtime: Util.RuntimeOptions): DescribeCloudSiemAssetsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.assetType)) {
    body['AssetType'] = request.assetType;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCloudSiemAssets',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the assets that are associated with an event.
 *
 * @param request DescribeCloudSiemAssetsRequest
 * @return DescribeCloudSiemAssetsResponse
 */
async function describeCloudSiemAssets(request: DescribeCloudSiemAssetsRequest): DescribeCloudSiemAssetsResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCloudSiemAssetsWithOptions(request, runtime);
}

model DescribeCloudSiemAssetsCounterRequest {
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.

This parameter is required.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeCloudSiemAssetsCounterResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      assetNum?: int32(name='AssetNum', description='The number of assets.', example='1'),
      assetType?: string(name='AssetType', description='The type of the asset. Valid values:

*   ip
*   domain
*   url
*   process
*   file
*   host', example='domain'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCloudSiemAssetsCounterResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCloudSiemAssetsCounterResponseBody(name='body'),
}

/**
 * @summary Queries the number of assets that are associated with an event by asset type.
 *
 * @param request DescribeCloudSiemAssetsCounterRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCloudSiemAssetsCounterResponse
 */
async function describeCloudSiemAssetsCounterWithOptions(request: DescribeCloudSiemAssetsCounterRequest, runtime: Util.RuntimeOptions): DescribeCloudSiemAssetsCounterResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCloudSiemAssetsCounter',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of assets that are associated with an event by asset type.
 *
 * @param request DescribeCloudSiemAssetsCounterRequest
 * @return DescribeCloudSiemAssetsCounterResponse
 */
async function describeCloudSiemAssetsCounter(request: DescribeCloudSiemAssetsCounterRequest): DescribeCloudSiemAssetsCounterResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCloudSiemAssetsCounterWithOptions(request, runtime);
}

model DescribeCloudSiemEventDetailRequest {
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.

This parameter is required.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeCloudSiemEventDetailResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    alertNum?: int32(name='AlertNum', description='The number of alerts that are associated with the event.', example='4'),
    aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account to which the event belongs.', example='127608589417****'),
    assetNum?: int32(name='AssetNum', description='The number of assets that are associated with the event.', example='4'),
    attCkLabels?: [ string ](name='AttCkLabels', description='The tags of the ATT\\\\&CK attacks.', example='["T1595.002 Vulnerability Scanning"]'),
    dataSources?: [ string ](name='DataSources', description='The source of the alert.', example='[sas,waf]'),
    description?: string(name='Description', description='The description of the event.', example='The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc'),
    descriptionEn?: string(name='DescriptionEn', description='The description of the event in English.', example='The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc'),
    extContent?: string(name='ExtContent', description='The extended information of the event in the JSON format.', example='{"event_transfer_type":"customize_rule"}'),
    gmtCreate?: string(name='GmtCreate', description='The time when the event occurred.', example='2021-01-06 16:37:29'),
    gmtModified?: string(name='GmtModified', description='The time when the event was last updated.', example='2021-01-06 16:37:29'),
    incidentName?: string(name='IncidentName', description='The name of the event.', example='Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc'),
    incidentNameEn?: string(name='IncidentNameEn', description='The name of the event in English.', example='Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc'),
    incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
    referAccount?: string(name='ReferAccount', description='Users associated with the event.'),
    remark?: string(name='Remark', description='The remarks of the event.', example='dealed'),
    status?: int32(name='Status', description='The status of the event. Valid values:

*   0: not handled
*   1: handing
*   5: handling failed
*   10: handled', example='0'),
    threatLevel?: string(name='ThreatLevel', description='The risk level. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='remind'),
    threatScore?: float(name='ThreatScore', description='The risk score of the event. The score ranges from 0 to 100. A higher score indicates a higher risk level.', example='90.2'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCloudSiemEventDetailResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCloudSiemEventDetailResponseBody(name='body'),
}

/**
 * @summary Queries the details of an event.
 *
 * @param request DescribeCloudSiemEventDetailRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCloudSiemEventDetailResponse
 */
async function describeCloudSiemEventDetailWithOptions(request: DescribeCloudSiemEventDetailRequest, runtime: Util.RuntimeOptions): DescribeCloudSiemEventDetailResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCloudSiemEventDetail',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the details of an event.
 *
 * @param request DescribeCloudSiemEventDetailRequest
 * @return DescribeCloudSiemEventDetailResponse
 */
async function describeCloudSiemEventDetail(request: DescribeCloudSiemEventDetailRequest): DescribeCloudSiemEventDetailResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCloudSiemEventDetailWithOptions(request, runtime);
}

model DescribeCloudSiemEventsRequest {
  assetId?: string(name='AssetId', description='The ID of the asset that is associated with the event.', example='6c740667-80b2-476d-8924-2e706feb****'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  eventName?: string(name='EventName', description='The name of the event.', example='ECS unusual log in'),
  incidentUuid?: string(name='IncidentUuid', description='The ID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  order?: string(name='Order', description='The sort order. Valid values:

*   desc: descending order
*   asc: ascending order', example='desc'),
  orderField?: string(name='OrderField', description='The sort field. Valid values:

*   GmtModified: sorts the events by creation time. This is the default value.
*   ThreatScore: sorts the events by risk score.', example='ThreatScore'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
  status?: int32(name='Status', description='The status of the event. Valid values:

*   0: unhandled
*   1: handling
*   5: handling failed
*   10: handled', example='0'),
  threadLevel?: [ string ](name='ThreadLevel', description='The risk levels of the events. The value is a JSON array. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='["serious","suspicious","remind"]'),
}

model DescribeCloudSiemEventsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertNum?: int32(name='AlertNum', description='The number of alerts that are associated with the event.', example='4'),
        aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account to which the event belongs.', example='127608589417****'),
        assetNum?: int32(name='AssetNum', description='The number of assets that are associated with the event.', example='4'),
        attCkLabels?: [ string ](name='AttCkLabels', description='The tags of the ATT\\\\&CK techniques.', example='["T1595.002 Vulnerability Scanning"]'),
        dataSources?: [ string ](name='DataSources', description='The sources of the alert.', example='[sas,waf]'),
        description?: string(name='Description', description='The description of the event.', example='The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc'),
        descriptionEn?: string(name='DescriptionEn', description='The event description in English.', example='The threat event contains 13 Miner Network,1 Execute suspicious encoded commands on Linux, etc'),
        extContent?: string(name='ExtContent', description='The extended event information in the JSON format.', example='{"event_transfer_type":"customize_rule"}'),
        gmtCreate?: string(name='GmtCreate', description='The time when the event occurred.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the event was last updated.', example='2021-01-06 16:37:29'),
        incidentName?: string(name='IncidentName', description='The name of the event.', example='Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc'),
        incidentNameEn?: string(name='IncidentNameEn', description='The event name in English.', example='Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        referAccount?: string(name='ReferAccount', description='the refer account info.', example='127608589417****'),
        remark?: string(name='Remark', description='The remarks of the event.', example='dealed'),
        status?: int32(name='Status', description='The status of the event. Valid values:

*   0: unhandled.
*   1: handling.
*   5: handling failed.
*   10: handled.', example='0'),
        threatLevel?: string(name='ThreatLevel', description='The risk level. Valid values:

*   serious: high.
*   suspicious: medium.
*   remind: low.', example='remind'),
        threatScore?: float(name='ThreatScore', description='The risk score of the event. Valid values: 0 to 100. A higher value indicates a higher risk level.', example='90.2'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCloudSiemEventsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCloudSiemEventsResponseBody(name='body'),
}

/**
 * @summary Queries events in SIEM.
 *
 * @param request DescribeCloudSiemEventsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCloudSiemEventsResponse
 */
async function describeCloudSiemEventsWithOptions(request: DescribeCloudSiemEventsRequest, runtime: Util.RuntimeOptions): DescribeCloudSiemEventsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.assetId)) {
    body['AssetId'] = request.assetId;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.eventName)) {
    body['EventName'] = request.eventName;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.order)) {
    body['Order'] = request.order;
  }
  if (!Util.isUnset(request.orderField)) {
    body['OrderField'] = request.orderField;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  if (!Util.isUnset(request.status)) {
    body['Status'] = request.status;
  }
  if (!Util.isUnset(request.threadLevel)) {
    body['ThreadLevel'] = request.threadLevel;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCloudSiemEvents',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries events in SIEM.
 *
 * @param request DescribeCloudSiemEventsRequest
 * @return DescribeCloudSiemEventsResponse
 */
async function describeCloudSiemEvents(request: DescribeCloudSiemEventsRequest): DescribeCloudSiemEventsResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCloudSiemEventsWithOptions(request, runtime);
}

model DescribeCsImportedProdStatusByUserRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  sourceLogProd?: string(name='SourceLogProd', description='The code of the cloud service.', example='sas'),
  userId?: long(name='UserId', description='The ID of the Alibaba Cloud account.', example='123XXXXXX'),
}

model DescribeCsImportedProdStatusByUserResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the cloud service is activated for the account. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DescribeCsImportedProdStatusByUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCsImportedProdStatusByUserResponseBody(name='body'),
}

/**
 * @summary Checks whether an Alibaba Cloud service is activated for an Alibaba Cloud account.
 *
 * @param request DescribeCsImportedProdStatusByUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCsImportedProdStatusByUserResponse
 */
async function describeCsImportedProdStatusByUserWithOptions(request: DescribeCsImportedProdStatusByUserRequest, runtime: Util.RuntimeOptions): DescribeCsImportedProdStatusByUserResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.sourceLogProd)) {
    body['SourceLogProd'] = request.sourceLogProd;
  }
  if (!Util.isUnset(request.userId)) {
    body['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCsImportedProdStatusByUser',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Checks whether an Alibaba Cloud service is activated for an Alibaba Cloud account.
 *
 * @param request DescribeCsImportedProdStatusByUserRequest
 * @return DescribeCsImportedProdStatusByUserResponse
 */
async function describeCsImportedProdStatusByUser(request: DescribeCsImportedProdStatusByUserRequest): DescribeCsImportedProdStatusByUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCsImportedProdStatusByUserWithOptions(request, runtime);
}

model DescribeCustomizeRuleCountRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeCustomizeRuleCountResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: {
    aggregationRuleNum?: int32(name='AggregationRuleNum', description='同类聚合规则数。', example='3'),
    customizeRuleNum?: int32(name='CustomizeRuleNum', description='自定义规则数。', example='10'),
    expertRuleNum?: int32(name='ExpertRuleNum', description='专家规则数。', example='7'),
    graphComputingRuleNum?: int32(name='GraphComputingRuleNum', description='图计算规则数。', example='2'),
    highRuleNum?: int32(name='HighRuleNum', description='The number of rules that are used to identify high-risk threats.', example='12'),
    inUseRuleNum?: int32(name='InUseRuleNum', description='The total number of rules.', example='20'),
    lowRuleNum?: int32(name='LowRuleNum', description='The number of rules that are used to identify low-risk threats.', example='3'),
    mediumRuleNum?: int32(name='MediumRuleNum', description='The number of rules that are used to identify medium-risk threats.', example='5'),
    predefinedRuleNum?: int32(name='PredefinedRuleNum', description='预定义规则数。', example='10'),
    singleAlertRuleNum?: int32(name='SingleAlertRuleNum', description='告警透传规则数。', example='3'),
    totalRuleNum?: int32(name='TotalRuleNum', description='总规则数。', example='10'),
    unEventRuleNum?: int32(name='UnEventRuleNum', description='不产生事件规则数。', example='3'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCustomizeRuleCountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCustomizeRuleCountResponseBody(name='body'),
}

/**
 * @summary Queries the number of custom rules.
 *
 * @param request DescribeCustomizeRuleCountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCustomizeRuleCountResponse
 */
async function describeCustomizeRuleCountWithOptions(request: DescribeCustomizeRuleCountRequest, runtime: Util.RuntimeOptions): DescribeCustomizeRuleCountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCustomizeRuleCount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of custom rules.
 *
 * @param request DescribeCustomizeRuleCountRequest
 * @return DescribeCustomizeRuleCountResponse
 */
async function describeCustomizeRuleCount(request: DescribeCustomizeRuleCountRequest): DescribeCustomizeRuleCountResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCustomizeRuleCountWithOptions(request, runtime);
}

model DescribeCustomizeRuleTestRequest {
  id?: long(name='Id', description='The ID of the rule.', example='123456789'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeCustomizeRuleTestResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    id?: long(name='Id', description='The ID of the rule.', example='123456789'),
    simulateData?: string(name='SimulateData', description='The historical data that is used in the simulation test.', example='[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]'),
    status?: int32(name='Status', description='The status of the rule. Valid values:

*   0: The rule is in the initial state.
*   10: The simulation data is tested.
*   15: The business data is being tested.
*   20: The business data test ends.
*   100: The rule takes effect.', example='0'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCustomizeRuleTestResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCustomizeRuleTestResponseBody(name='body'),
}

/**
 * @summary Queries the historical simulation data that is used in a simulation test scenario.
 *
 * @param request DescribeCustomizeRuleTestRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCustomizeRuleTestResponse
 */
async function describeCustomizeRuleTestWithOptions(request: DescribeCustomizeRuleTestRequest, runtime: Util.RuntimeOptions): DescribeCustomizeRuleTestResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCustomizeRuleTest',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the historical simulation data that is used in a simulation test scenario.
 *
 * @param request DescribeCustomizeRuleTestRequest
 * @return DescribeCustomizeRuleTestResponse
 */
async function describeCustomizeRuleTest(request: DescribeCustomizeRuleTestRequest): DescribeCustomizeRuleTestResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCustomizeRuleTestWithOptions(request, runtime);
}

model DescribeCustomizeRuleTestHistogramRequest {
  id?: long(name='Id', description='The ID of the rule.', example='123456789'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeCustomizeRuleTestHistogramResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      count?: long(name='Count', description='The number of alerts that are generated in the query time range.', example='125'),
      from?: long(name='From', description='The start of the time range for querying alerts. The value is a UNIX timestamp. Unit: seconds.', example='1599897188'),
      to?: long(name='To', description='The end of the time range for querying alerts. The value is a UNIX timestamp. Unit: seconds.', example='1599997188'),
    }
  ](name='Data', description='The return value for the request.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeCustomizeRuleTestHistogramResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeCustomizeRuleTestHistogramResponseBody(name='body'),
}

/**
 * @summary Queries the chart that displays the test results of business data for a custom rule.
 *
 * @param request DescribeCustomizeRuleTestHistogramRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeCustomizeRuleTestHistogramResponse
 */
async function describeCustomizeRuleTestHistogramWithOptions(request: DescribeCustomizeRuleTestHistogramRequest, runtime: Util.RuntimeOptions): DescribeCustomizeRuleTestHistogramResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeCustomizeRuleTestHistogram',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the chart that displays the test results of business data for a custom rule.
 *
 * @param request DescribeCustomizeRuleTestHistogramRequest
 * @return DescribeCustomizeRuleTestHistogramResponse
 */
async function describeCustomizeRuleTestHistogram(request: DescribeCustomizeRuleTestHistogramRequest): DescribeCustomizeRuleTestHistogramResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeCustomizeRuleTestHistogramWithOptions(request, runtime);
}

model DescribeDataSourceInstanceRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListDataSourceLogs) operation to query the IDs of data sources.

This parameter is required.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DescribeDataSourceInstanceResponseBody = {
  data?: {
    accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
    cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud', example='hcloud'),
    dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
    dataSourceInstanceParams?: [ 
      {
        paraCode?: string(name='ParaCode', description='The code of the parameter.', example='region_code'),
        paraValue?: string(name='ParaValue', description='The value of the parameter.', example='ap-guangzhou'),
      }
    ](name='DataSourceInstanceParams', description='The parameters of the data source.'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DescribeDataSourceInstanceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeDataSourceInstanceResponseBody(name='body'),
}

/**
 * @summary Queries the details of a data source.
 *
 * @param request DescribeDataSourceInstanceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeDataSourceInstanceResponse
 */
async function describeDataSourceInstanceWithOptions(request: DescribeDataSourceInstanceRequest, runtime: Util.RuntimeOptions): DescribeDataSourceInstanceResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeDataSourceInstance',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the details of a data source.
 *
 * @param request DescribeDataSourceInstanceRequest
 * @return DescribeDataSourceInstanceResponse
 */
async function describeDataSourceInstance(request: DescribeDataSourceInstanceRequest): DescribeDataSourceInstanceResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeDataSourceInstanceWithOptions(request, runtime);
}

model DescribeDataSourceParametersRequest {
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider.

Valid values:

*   qcloud
*   hcloud
*   aliyun

This parameter is required.', example='hcloud'),
  dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   **ckafka**: Tencent Cloud TDMQ for CKafka
*   **obs**: Huawei Cloud Object Storage Service (OBS)
*   **wafApi**: download API of Tencent Cloud Web Application Firewall (WAF)

This parameter is required.', example='obs'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DescribeDataSourceParametersResponseBody = {
  data?: [ 
    {
      canEditted?: int32(name='CanEditted', description='Indicates whether the edit operation is supported. Valid values:

*   **0**
*   **1**', example='wafApi'),
      cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   **qcloud**: Tencent Cloud
*   **aliyun**: Alibaba Cloud
*   **hcloud**: Huawei Cloud', example='hcloud'),
      dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   **obs**: Huawei Cloud Object Storage Service (OBS)
*   **wafApi**: download API of Tencent Cloud Web Application Firewall (WAF)
*   **ckafka**: Tencent Cloud TDMQ for CKafka', example='obs'),
      defaultValue?: string(name='DefaultValue', description='The default value of the parameter.', example='wafApi'),
      disabled?: boolean(name='Disabled', description='Indicates whether the modification operation is forbidden. Valid values:

*   **true**
*   **false**', example='wafApi'),
      formatCheck?: string(name='FormatCheck', description='The method that is used to check the parameter format.', example='email'),
      hit?: string(name='Hit', description='The additional information.', example='obs docment'),
      paraCode?: string(name='ParaCode', description='The code of the parameter.', example='region_code'),
      paraLevel?: int32(name='ParaLevel', description='The parameter level. Valid values:

*   **1**: the parameters of the data source
*   **2**: the parameters of the log', example='1'),
      paraName?: string(name='ParaName', description='The name of the parameter.', example='region local'),
      paraType?: string(name='ParaType', description='The data type of the parameter.', example='string'),
      paramValue?: [ 
        {
          label?: string(name='Label', description='The display value.', example='guangzhou'),
          value?: string(name='Value', description='The actual value.', example='ap-guangzhou'),
        }
      ](name='ParamValue', description='The value of the parameter.'),
      required?: int32(name='Required', description='Indicates whether the parameter is required. Valid values:

*   **1**: required
*   **0**: optional', example='string'),
      title?: string(name='Title', description='The note for the parameter value.', example='obs bucket name'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DescribeDataSourceParametersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeDataSourceParametersResponseBody(name='body'),
}

/**
 * @summary Queries the parameters of a data source.
 *
 * @param request DescribeDataSourceParametersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeDataSourceParametersResponse
 */
async function describeDataSourceParametersWithOptions(request: DescribeDataSourceParametersRequest, runtime: Util.RuntimeOptions): DescribeDataSourceParametersResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceType)) {
    body['DataSourceType'] = request.dataSourceType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeDataSourceParameters',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the parameters of a data source.
 *
 * @param request DescribeDataSourceParametersRequest
 * @return DescribeDataSourceParametersResponse
 */
async function describeDataSourceParameters(request: DescribeDataSourceParametersRequest): DescribeDataSourceParametersResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeDataSourceParametersWithOptions(request, runtime);
}

model DescribeDisposeAndPlaybookRequest {
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.', example='1'),
  entityType?: string(name='EntityType', description='The entity type. Valid values:

*   ip
*   process
*   file', example='ip'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  pageSize?: int32(name='PageSize', description='The number of entries to return on each page. Maximum value: 100.', example='10'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeDisposeAndPlaybookResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertNum?: int32(name='AlertNum', description='The number of alerts that are associated with the entity.', example='1'),
        dispose?: string(name='Dispose', description='The object for handling.', example='192.168.1.1'),
        entityId?: long(name='EntityId', description='The entity ID', example='12345'),
        entityInfo?: map[string]any(name='EntityInfo', description='The entity information.', example='{"file_path": "c:/www/leixi.jsp","file_hash": "aa0ca926ad948cd820e0a3d9a18c09d0","host_uuid": "efed2cf7-0b77-45d9-a97b-d2cf246bcbb3","malware_type": "${aliyun.siem.sas.alert_tag.webshell}","host_name": "launch-advisor-20230531"}'),
        opcodeMap?: map[string]string(name='OpcodeMap', description='The key-value pairs each of which consists of opcode and oplevel.', example='12345'),
        opcodeSet?: [ string ](name='OpcodeSet', description='The codes of the playbooks that are recommended for entity handling.', example='[1,3]'),
        playbookList?: [ 
          {
            description?: string(name='Description', description='The playbook description.', example='WafBlockIP'),
            displayName?: string(name='DisplayName', description='The display name of the playbook.', example='WafBlockIP'),
            name?: string(name='Name', description='The playbook name, which is the unique identifier of the playbook.', example='kill_process_isolate_file'),
            opCode?: string(name='OpCode', description='The opcode of the playbook, which corresponds to the opcode of the playbook recommended for entity handling.', example='7'),
            opLevel?: string(name='OpLevel', description='Indicates whether quick event handling is selected by default. Valid values:

*   2: Quick event handling is selected.
*   1: Quick event handling is displayed but not selected.', example='2'),
            paramConfig?: [ any ](name='ParamConfig', description='The playbook parameters and the corresponding properties.'),
            taskConfig?: string(name='TaskConfig', description='The opcode configuration.', example='{"opCode":"3"}'),
            wafPlaybook?: boolean(name='WafPlaybook', description='Indicates whether the playbook is intended for Web Application Firewall (WAF). Valid values:

*   true
*   false', example='false'),
          }
        ](name='PlaybookList', description='The playbooks that can handle the entity.', example='[{"name":"云安全中心-云服务器安全","code":"1"}]'),
        scope?: [ any ](name='Scope', description='The IDs of the users who can handle objects.', example='176618589410****'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeDisposeAndPlaybookResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeDisposeAndPlaybookResponseBody(name='body'),
}

/**
 * @summary Queries the list of entities and playbooks that need to be handled.
 *
 * @param request DescribeDisposeAndPlaybookRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeDisposeAndPlaybookResponse
 */
async function describeDisposeAndPlaybookWithOptions(request: DescribeDisposeAndPlaybookRequest, runtime: Util.RuntimeOptions): DescribeDisposeAndPlaybookResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.entityType)) {
    body['EntityType'] = request.entityType;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeDisposeAndPlaybook',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the list of entities and playbooks that need to be handled.
 *
 * @param request DescribeDisposeAndPlaybookRequest
 * @return DescribeDisposeAndPlaybookResponse
 */
async function describeDisposeAndPlaybook(request: DescribeDisposeAndPlaybookRequest): DescribeDisposeAndPlaybookResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeDisposeAndPlaybookWithOptions(request, runtime);
}

model DescribeDisposeStrategyPlaybookRequest {
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.

This parameter is required.', example='1577808000000'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.

This parameter is required.', example='1577808000000'),
}

model DescribeDisposeStrategyPlaybookResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: [ 
    {
      playbookName?: string(name='PlaybookName', description='The playbook name, which is the unique identifier of the playbook.', example='WafBlockIP'),
      playbookUuid?: string(name='PlaybookUuid', description='The UUID of the playbook.', example='system_aliyun_clb_process_book'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeDisposeStrategyPlaybookResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeDisposeStrategyPlaybookResponseBody(name='body'),
}

/**
 * @summary Queries the list of playbooks that are used by a handling policy.
 *
 * @param request DescribeDisposeStrategyPlaybookRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeDisposeStrategyPlaybookResponse
 */
async function describeDisposeStrategyPlaybookWithOptions(request: DescribeDisposeStrategyPlaybookRequest, runtime: Util.RuntimeOptions): DescribeDisposeStrategyPlaybookResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeDisposeStrategyPlaybook',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the list of playbooks that are used by a handling policy.
 *
 * @param request DescribeDisposeStrategyPlaybookRequest
 * @return DescribeDisposeStrategyPlaybookResponse
 */
async function describeDisposeStrategyPlaybook(request: DescribeDisposeStrategyPlaybookRequest): DescribeDisposeStrategyPlaybookResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeDisposeStrategyPlaybookWithOptions(request, runtime);
}

model DescribeEntityInfoRequest {
  entityId?: long(name='EntityId', description='The logical ID of the entity.', example='12345'),
  entityIdentity?: string(name='EntityIdentity', description='The feature value of the entity. Fuzzy match is supported.', example='test22.php'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  sophonTaskId?: string(name='SophonTaskId', description='The ID of the SOAR handling policy.', example='577bbf90-a770-44a7-8154-586aa2d318fa'),
}

model DescribeEntityInfoResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    entityId?: long(name='EntityId', description='The logical ID of the entity.', example='12345'),
    entityInfo?: map[string]any(name='EntityInfo', description='The information about the entry.', example='{ location: "xian", net_connect_dir: "in", malware_type: "${aliyun.siem.sas.alert_tag.login_unusual_account}" }'),
    entityType?: string(name='EntityType', description='The type of the entity. Valid values:

*   ip
*   domain
*   url
*   process
*   file
*   host', example='ip'),
    tipInfo?: map[string]any(name='TipInfo', description='The information about the risk Intelligence.', example='{
      "Ip": {
            "queryHot": "0",
            "country": "China",
            "province": "shanxi",
            "ip": "221.11.XX.XXX",
            "asn": "4837",
            "asn_label": "CHINAXXX-Backbone - CHINA UNICOM ChinaXXX Backbone, CN"
      }
}'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeEntityInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeEntityInfoResponseBody(name='body'),
}

/**
 * @summary Queries the details of an entity.
 *
 * @param request DescribeEntityInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeEntityInfoResponse
 */
async function describeEntityInfoWithOptions(request: DescribeEntityInfoRequest, runtime: Util.RuntimeOptions): DescribeEntityInfoResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.entityId)) {
    body['EntityId'] = request.entityId;
  }
  if (!Util.isUnset(request.entityIdentity)) {
    body['EntityIdentity'] = request.entityIdentity;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.sophonTaskId)) {
    body['SophonTaskId'] = request.sophonTaskId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeEntityInfo',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the details of an entity.
 *
 * @param request DescribeEntityInfoRequest
 * @return DescribeEntityInfoResponse
 */
async function describeEntityInfo(request: DescribeEntityInfoRequest): DescribeEntityInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeEntityInfoWithOptions(request, runtime);
}

model DescribeEventCountByThreatLevelRequest {
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the member in the resource directory.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view.

*   0: view of the current Alibaba Cloud account.
*   1: view of all accounts for the enterprise.', example='1'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
}

model DescribeEventCountByThreatLevelResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    eventNum?: long(name='EventNum', description='The total number of events.', example='100'),
    highLevelEventNum?: long(name='HighLevelEventNum', description='The number of high-risk events.', example='20'),
    lowLevelEventNum?: long(name='LowLevelEventNum', description='The number of low-risk events.', example='52'),
    mediumLevelEventNum?: long(name='MediumLevelEventNum', description='The number of medium-risk events.', example='3'),
    undealEventNum?: long(name='UndealEventNum', description='The number of unhandled events.', example='75'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeEventCountByThreatLevelResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeEventCountByThreatLevelResponseBody(name='body'),
}

/**
 * @summary Queries the number of events by type.
 *
 * @param request DescribeEventCountByThreatLevelRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeEventCountByThreatLevelResponse
 */
async function describeEventCountByThreatLevelWithOptions(request: DescribeEventCountByThreatLevelRequest, runtime: Util.RuntimeOptions): DescribeEventCountByThreatLevelResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeEventCountByThreatLevel',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of events by type.
 *
 * @param request DescribeEventCountByThreatLevelRequest
 * @return DescribeEventCountByThreatLevelResponse
 */
async function describeEventCountByThreatLevel(request: DescribeEventCountByThreatLevelRequest): DescribeEventCountByThreatLevelResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeEventCountByThreatLevelWithOptions(request, runtime);
}

model DescribeEventDisposeRequest {
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.', example='1'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 500.', example='10'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeEventDisposeResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: {
    eventDispose?: [ any ](name='EventDispose', description='An array consisting of JSON objects that are configured for event handling.', example='{ playbookName: "使用安全组封禁入方向IP", sophonTaskId: "400442a5-4f98-45ed-97db-5ab117eb0b8f", … }'),
    receiverInfo?: {
      channel?: string(name='Channel', description='The channel of the contact information. Valid values:

*   message
*   mail', example='message'),
      gmtCreate?: string(name='GmtCreate', description='The creation time.', example='2021-01-06 16:37:29'),
      gmtModified?: string(name='GmtModified', description='The modification time.', example='2021-01-06 16:37:29'),
      id?: long(name='Id', description='The ID of the recipient who receives the event handling result.', example='123'),
      incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
      messageTitle?: string(name='MessageTitle', description='The message title.', example='siem event dealed message'),
      receiver?: string(name='Receiver', description='The contact information of the recipient.', example='138xxxxxx'),
      status?: int32(name='Status', description='Indicates whether the message is sent. Valid values:

*   0: not sent
*   1: sent', example='1'),
    }(name='ReceiverInfo', description='The JSON object that is configured for an alert recipient.'),
    remark?: string(name='Remark', description='The description of the event.', example='dealed'),
    status?: int32(name='Status', description='The status of the event. Valid values:

*   0: not handled
*   1: handing
*   5: handling failed
*   10: handled', example='0'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeEventDisposeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeEventDisposeResponseBody(name='body'),
}

/**
 * @summary Queries the handling policies of a historical event.
 *
 * @param request DescribeEventDisposeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeEventDisposeResponse
 */
async function describeEventDisposeWithOptions(request: DescribeEventDisposeRequest, runtime: Util.RuntimeOptions): DescribeEventDisposeResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeEventDispose',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the handling policies of a historical event.
 *
 * @param request DescribeEventDisposeRequest
 * @return DescribeEventDisposeResponse
 */
async function describeEventDispose(request: DescribeEventDisposeRequest): DescribeEventDisposeResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeEventDisposeWithOptions(request, runtime);
}

model DescribeImportedLogCountRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: string(name='RoleFor'),
  roleType?: string(name='RoleType'),
}

model DescribeImportedLogCountResponseBody = {
  data?: {
    importedLogCount?: int32(name='ImportedLogCount', description='The number of logs that are added.', example='10'),
    totalLogCount?: int32(name='TotalLogCount', description='The total number of logs.', example='59'),
    unImportedLogCount?: int32(name='UnImportedLogCount', description='The number of logs that are not added.', example='49'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DescribeImportedLogCountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeImportedLogCountResponseBody(name='body'),
}

/**
 * @summary Queries the number of logs that are added to the threat analysis feature.
 *
 * @param request DescribeImportedLogCountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeImportedLogCountResponse
 */
async function describeImportedLogCountWithOptions(request: DescribeImportedLogCountRequest, runtime: Util.RuntimeOptions): DescribeImportedLogCountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeImportedLogCount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of logs that are added to the threat analysis feature.
 *
 * @param request DescribeImportedLogCountRequest
 * @return DescribeImportedLogCountResponse
 */
async function describeImportedLogCount(request: DescribeImportedLogCountRequest): DescribeImportedLogCountResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeImportedLogCountWithOptions(request, runtime);
}

model DescribeJobStatusRequest {
  regionId?: string(name='RegionId', description='The region where the service resides. Default value: cn-shanghai.', example='cn-shanghai'),
  submitId?: string(name='SubmitId', description='The ID of the collection task. The ID is the value of the submitId parameter in the response of the [BatchJobSubmit](https://next.api.aliyun.com/api/cloud-siem/2022-06-16/BatchSubmitJob?lang=JAVA\\\\&useCommon=true) operation.

This parameter is required.', example='xxxxx_folder_xxxxxx'),
}

model DescribeJobStatusResponseBody = {
  code?: int32(name='Code', description='The HTTP status code. If the request is successful, 200 is returned.', example='200'),
  data?: {
    configId?: string(name='ConfigId', description='The ID of the task configuration.', example='xxxx_folder_xxxx'),
    errTaskList?: [ 
      {
        productList?: [ 
          {
            logList?: [ 
              {
                errorCode?: string(name='ErrorCode', description='The reason for the failure.', example='ProjectLogStoreNotFound'),
                logCode?: string(name='LogCode', description='The code of the logs.', example='cloud_siem_aegis_proc'),
                logStoreNamePattern?: string(name='LogStoreNamePattern', description='The pattern for the name of the Simple Log Service Logstore from which logs are collected.', example='vpc_project_test'),
                productCode?: string(name='ProductCode', description='The code of the service.', example='sas'),
                projectNamePattern?: string(name='ProjectNamePattern', description='The pattern for the name of the Simple Log Service project from which logs are collected.', example='vpc-project-test'),
                regionCode?: string(name='RegionCode', description='The ID of the region.', example='cn-shanghai'),
              }
            ](name='LogList', description='The list of logs that fail to be collected.'),
            productCode?: string(name='ProductCode', description='The code of the service.', example='sas'),
          }
        ](name='ProductList', description='The list of services in failed tasks.'),
        userId?: long(name='UserId', description='The ID of the Alibaba Cloud account.', example='123XXXXX'),
      }
    ](name='ErrTaskList', description='The list of failed tasks. The value contains the Alibaba Cloud account and service code of each failed task.'),
    failedCount?: int32(name='FailedCount', description='The total number of tasks that fail.', example='8'),
    finishCount?: int32(name='FinishCount', description='The total number of tasks that are complete.', example='52'),
    folderId?: string(name='FolderId', description='The ID of the resource directory folder.', example='fd-xxxxx'),
    taskCount?: int32(name='TaskCount', description='The total number of collection tasks that are created.', example='60'),
    taskStatus?: string(name='TaskStatus', description='The status of the submitted task.

Valid values:

*   submit

    <!-- -->

    <!-- -->

    <!-- -->

*   finish

    <!-- -->

    <!-- -->

    <!-- -->', example='finish'),
  }(name='Data', description='The returned data.'),
  errCode?: string(name='ErrCode', description='The error code. If the request is successful, the parameter is empty. If the request fails, an error code is returned.', example='ServerError'),
  message?: string(name='Message', description='The error message. If the request is successful, the parameter is empty. If the request fails, the reason for the failure is returned.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='5B0DFF6D-XXXX'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   **true**
*   **false**', example='true'),
}

model DescribeJobStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeJobStatusResponseBody(name='body'),
}

/**
 * @summary Queries the status of collection tasks by using the submitId parameter of the tasks.
 *
 * @param request DescribeJobStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeJobStatusResponse
 */
async function describeJobStatusWithOptions(request: DescribeJobStatusRequest, runtime: Util.RuntimeOptions): DescribeJobStatusResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.submitId)) {
    body['SubmitId'] = request.submitId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeJobStatus',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the status of collection tasks by using the submitId parameter of the tasks.
 *
 * @param request DescribeJobStatusRequest
 * @return DescribeJobStatusResponse
 */
async function describeJobStatus(request: DescribeJobStatusRequest): DescribeJobStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeJobStatusWithOptions(request, runtime);
}

model DescribeLogFieldsRequest {
  logSource?: string(name='LogSource', description='The log source of the rule.', example='cloud_siem_aegis_sas_alert'),
  logType?: string(name='LogType', description='The log type of the rule.', example='cloud_siem_aegis_sas_alert'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeLogFieldsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      activityName?: string(name='ActivityName', description='The type of the log to which the field belongs.', example='HTTP_ACTIVITY'),
      fieldDesc?: string(name='FieldDesc', description='The internal code of the field description.', example='sas.cloudsiem.prod.activity_name'),
      fieldName?: string(name='FieldName', description='The name of the field.', example='activity_name'),
      fieldType?: string(name='FieldType', description='The data type of the field. Valid values:

*   varchar
*   bigint', example='varchar'),
      logCode?: string(name='LogCode', description='The log source to which the field belongs.', example='cloud_siem_aegis_sas_alert'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeLogFieldsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeLogFieldsResponseBody(name='body'),
}

/**
 * @summary Queries the fields that can be configured for a custom rule.
 *
 * @param request DescribeLogFieldsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeLogFieldsResponse
 */
async function describeLogFieldsWithOptions(request: DescribeLogFieldsRequest, runtime: Util.RuntimeOptions): DescribeLogFieldsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.logSource)) {
    body['LogSource'] = request.logSource;
  }
  if (!Util.isUnset(request.logType)) {
    body['LogType'] = request.logType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeLogFields',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the fields that can be configured for a custom rule.
 *
 * @param request DescribeLogFieldsRequest
 * @return DescribeLogFieldsResponse
 */
async function describeLogFields(request: DescribeLogFieldsRequest): DescribeLogFieldsResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeLogFieldsWithOptions(request, runtime);
}

model DescribeLogSourceRequest {
  logType?: string(name='LogType', description='The log type of the rule.', example='HTTP_ACTIVITY'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeLogSourceResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      logSource?: string(name='LogSource', description='The log source of the rule.', example='cloud_siem_aegis_sas_alert'),
      logSourceName?: string(name='LogSourceName', description='The internal code of the log source.', example='sas.cloudsiem.prod.cloud_siem_aegis_sas_alert'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeLogSourceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeLogSourceResponseBody(name='body'),
}

/**
 * @summary Queries the log sources that can be configured for a custom rule.
 *
 * @param request DescribeLogSourceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeLogSourceResponse
 */
async function describeLogSourceWithOptions(request: DescribeLogSourceRequest, runtime: Util.RuntimeOptions): DescribeLogSourceResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.logType)) {
    body['LogType'] = request.logType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeLogSource',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the log sources that can be configured for a custom rule.
 *
 * @param request DescribeLogSourceRequest
 * @return DescribeLogSourceResponse
 */
async function describeLogSource(request: DescribeLogSourceRequest): DescribeLogSourceResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeLogSourceWithOptions(request, runtime);
}

model DescribeLogStoreRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
}

model DescribeLogStoreResponseBody = {
  data?: {
    appendMeta?: boolean(name='AppendMeta', description='Indicates whether the following time points are added after the log arrives: the time points when the public IP address of the client and the log arrive. Valid values:

*   true
*   false', example='false'),
    autoSplit?: boolean(name='AutoSplit', description='Indicates whether the automatic sharding feature is enabled. Valid values:

*   true
*   false', example='false'),
    enableTracking?: boolean(name='EnableTracking', description='Indicates whether the web tracking feature is enabled to collect user information from browsers, iOS applications, or Android applications. Valid values:

*   true
*   false', example='false'),
    logStoreName?: string(name='LogStoreName', description='The name of the Logstore in Simple Log Service.', example='cloud-siem'),
    maxSplitShard?: int32(name='MaxSplitShard', description='The maximum number of shards that can be generated by using the automatic sharding feature.', example='64'),
    shardCount?: int32(name='ShardCount', description='The number of shards in Log Service.', example='2'),
    ttl?: int32(name='Ttl', description='The retention period of data. Unit: day.', example='180'),
  }(name='Data', description='The response of the threat analysis feature.'),
  requestId?: string(name='RequestId', description='The request ID.', example='9B9CBCEE-9225-5069-BC7F-880938A2****'),
}

model DescribeLogStoreResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeLogStoreResponseBody(name='body'),
}

/**
 * @summary Queries the information about a Logstore that is used in the threat analysis feature of Simple Log Service on the user side. The information may be the Logstore name or the time-to-live (TTL) period of data in the Logstore.
 *
 * @param request DescribeLogStoreRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeLogStoreResponse
 */
async function describeLogStoreWithOptions(request: DescribeLogStoreRequest, runtime: Util.RuntimeOptions): DescribeLogStoreResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeLogStore',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the information about a Logstore that is used in the threat analysis feature of Simple Log Service on the user side. The information may be the Logstore name or the time-to-live (TTL) period of data in the Logstore.
 *
 * @param request DescribeLogStoreRequest
 * @return DescribeLogStoreResponse
 */
async function describeLogStore(request: DescribeLogStoreRequest): DescribeLogStoreResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeLogStoreWithOptions(request, runtime);
}

model DescribeLogTypeRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeLogTypeResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      logType?: string(name='LogType', description='The log type of the rule.', example='HTTP_ACTIVITY'),
      logTypeName?: string(name='LogTypeName', description='The internal code of the log type.', example='sas.cloudsiem.prod.http_activity'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeLogTypeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeLogTypeResponseBody(name='body'),
}

/**
 * @summary Queries the log types that can be configured for a custom rule.
 *
 * @param request DescribeLogTypeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeLogTypeResponse
 */
async function describeLogTypeWithOptions(request: DescribeLogTypeRequest, runtime: Util.RuntimeOptions): DescribeLogTypeResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeLogType',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the log types that can be configured for a custom rule.
 *
 * @param request DescribeLogTypeRequest
 * @return DescribeLogTypeResponse
 */
async function describeLogType(request: DescribeLogTypeRequest): DescribeLogTypeResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeLogTypeWithOptions(request, runtime);
}

model DescribeOperatorsRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  sceneType?: string(name='SceneType', description='The type of the scenario in which the operator is used. Valid values:

*   If you do not specify this parameter, the default scenario is used.
*   AGGREGATE: AGGREGATE scenario.', example='AGGREGATE'),
}

model DescribeOperatorsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      index?: int32(name='Index', description='The position of the operator in the operator list.', example='3'),
      operator?: string(name='Operator', description='The operator.', example='<='),
      operatorDescCn?: string(name='OperatorDescCn', description='The description of the operator in Chinese.', example='arger than or equal to'),
      operatorDescEn?: string(name='OperatorDescEn', description='The description of the operator in English.', example='larger than or equal to'),
      operatorName?: string(name='OperatorName', description='The name of the operator.', example='<='),
      supportDataType?: string(name='SupportDataType', description='The data types that are supported by the operator. The data types are separated by commas (,).', example='varchar'),
      supportTag?: [ string ](name='SupportTag', description='The scenarios that are supported by the operator. Multiple scenarios are separated by commas (,), such as AGGREGATE scenarios. By default, this parameter is empty.', example='[AGGREGATE]'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeOperatorsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeOperatorsResponseBody(name='body'),
}

/**
 * @summary Queries the operator of a custom rule.
 *
 * @param request DescribeOperatorsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeOperatorsResponse
 */
async function describeOperatorsWithOptions(request: DescribeOperatorsRequest, runtime: Util.RuntimeOptions): DescribeOperatorsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.sceneType)) {
    body['SceneType'] = request.sceneType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeOperators',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the operator of a custom rule.
 *
 * @param request DescribeOperatorsRequest
 * @return DescribeOperatorsResponse
 */
async function describeOperators(request: DescribeOperatorsRequest): DescribeOperatorsResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeOperatorsWithOptions(request, runtime);
}

model DescribeProdCountRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor'),
  roleType?: int32(name='RoleType'),
}

model DescribeProdCountResponseBody = {
  data?: {
    aliyunImportedCount?: int32(name='AliyunImportedCount'),
    aliyunProdCount?: int32(name='AliyunProdCount', description='The number of Alibaba Cloud services.', example='19'),
    hcloudImportedCount?: int32(name='HcloudImportedCount'),
    hcloudProdCount?: int32(name='HcloudProdCount', description='The number of Huawei Cloud services.', example='2'),
    idcImportedCount?: int32(name='IdcImportedCount'),
    idcProdCount?: int32(name='IdcProdCount', example='2'),
    qcloudImportedCount?: int32(name='QcloudImportedCount'),
    qcloudProdCount?: int32(name='QcloudProdCount', description='The number of Tencent Cloud services.', example='2'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DescribeProdCountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeProdCountResponseBody(name='body'),
}

/**
 * @summary Queries the number of services that can be added to the threat analysis feature in Alibaba Cloud, Tenant Cloud, and Huawei Cloud.
 *
 * @param request DescribeProdCountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeProdCountResponse
 */
async function describeProdCountWithOptions(request: DescribeProdCountRequest, runtime: Util.RuntimeOptions): DescribeProdCountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeProdCount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the number of services that can be added to the threat analysis feature in Alibaba Cloud, Tenant Cloud, and Huawei Cloud.
 *
 * @param request DescribeProdCountRequest
 * @return DescribeProdCountResponse
 */
async function describeProdCount(request: DescribeProdCountRequest): DescribeProdCountResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeProdCountWithOptions(request, runtime);
}

model DescribeScopeUsersRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeScopeUsersResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: [ 
    {
      aliUid?: long(name='AliUid', description='The ID of the security information and event management (SIEM) user.', example='123456789****'),
      cloudCode?: string(name='CloudCode', description='云code。  取值：
- qcloud：腾讯云
- hcloud：华为云', example='qcloud'),
      domains?: [ string ](name='Domains', description='An array consisting of the domain names that are protected by the WAF instance.', example='[123.com, 456.com]'),
      instanceId?: string(name='InstanceId', description='The ID of the Web Application Firewall (WAF) instance.', example='waf-cn-tl123ast****'),
      userId?: string(name='UserId', description='多云用户ID。', example='123456789****'),
      userName?: string(name='UserName', description='The username.', example='test001'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeScopeUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeScopeUsersResponseBody(name='body'),
}

/**
 * @summary Queries the list of users in the playbook scope.
 *
 * @param request DescribeScopeUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeScopeUsersResponse
 */
async function describeScopeUsersWithOptions(request: DescribeScopeUsersRequest, runtime: Util.RuntimeOptions): DescribeScopeUsersResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeScopeUsers',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the list of users in the playbook scope.
 *
 * @param request DescribeScopeUsersRequest
 * @return DescribeScopeUsersResponse
 */
async function describeScopeUsers(request: DescribeScopeUsersRequest): DescribeScopeUsersResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeScopeUsersWithOptions(request, runtime);
}

model DescribeServiceStatusRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model DescribeServiceStatusResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the threat analysis feature is authorized to access the resource directory. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model DescribeServiceStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeServiceStatusResponseBody(name='body'),
}

/**
 * @summary Checks whether the threat analysis feature is authorized to access a resource directory.
 *
 * @param request DescribeServiceStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeServiceStatusResponse
 */
async function describeServiceStatusWithOptions(request: DescribeServiceStatusRequest, runtime: Util.RuntimeOptions): DescribeServiceStatusResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeServiceStatus',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Checks whether the threat analysis feature is authorized to access a resource directory.
 *
 * @param request DescribeServiceStatusRequest
 * @return DescribeServiceStatusResponse
 */
async function describeServiceStatus(request: DescribeServiceStatusRequest): DescribeServiceStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeServiceStatusWithOptions(request, runtime);
}

model DescribeStorageRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='137820528780****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeStorageResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the projects and Logstores that are created for the threat analysis feature exist in Simple Log Service. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='CCEEE128-6607-503E-AAA6-C5E57D94****'),
}

model DescribeStorageResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeStorageResponseBody(name='body'),
}

/**
 * @summary Queries the status of the Logstores for the threat analysis feature in Simple Log Service on the user side.
 *
 * @param request DescribeStorageRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeStorageResponse
 */
async function describeStorageWithOptions(request: DescribeStorageRequest, runtime: Util.RuntimeOptions): DescribeStorageResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeStorage',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the status of the Logstores for the threat analysis feature in Simple Log Service on the user side.
 *
 * @param request DescribeStorageRequest
 * @return DescribeStorageResponse
 */
async function describeStorage(request: DescribeStorageRequest): DescribeStorageResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeStorageWithOptions(request, runtime);
}

model DescribeUserBuyStatusRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account.', example='123XXXXXX'),
}

model DescribeUserBuyStatusResponseBody = {
  data?: {
    canBuy?: boolean(name='CanBuy', description='Indicates whether the logon Alibaba Cloud account can be used to place orders for the threat analysis feature, such as purchase, upgrade, and specifications change orders. Valid values:

*   true
*   false', example='true'),
    capacity?: int32(name='Capacity', description='The log storage capacity that is purchased for the threat analysis feature. Unit: GB.', example='1024'),
    durationDays?: long(name='DurationDays', description='The number of days before the expiration time of the threat analysis feature.', example='3'),
    endTime?: long(name='EndTime', description='The timestamp when the threat analysis feature expires. Unit: milliseconds.', example='1669823999000'),
    mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXX'),
    mainUserName?: string(name='MainUserName', description='The username of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='sas_account_xxx'),
    masterUserId?: long(name='MasterUserId', description='The ID of the management account of the resource directory.', example='123XXXXXX'),
    masterUserName?: string(name='MasterUserName', description='The display name of the management account of the resource directory.', example='rd_master_xxx'),
    rdOrder?: int32(name='RdOrder', example='1'),
    sasInstanceId?: string(name='SasInstanceId', description='The instance ID of Security Center.', example='sas-instance-xxxxx'),
    subUserId?: long(name='SubUserId', description='The ID of the logon Alibaba Cloud account.', example='123XXXXXX'),
    subUserName?: string(name='SubUserName', description='The username of the logon Alibaba Cloud account.', example='sas_account_xxx'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='81D8EC0C-0804-51AD-8C38-17ED0BC74892'),
}

model DescribeUserBuyStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeUserBuyStatusResponseBody(name='body'),
}

/**
 * @summary Checks whether the current Alibaba Cloud account or the management account of a resource directory is used to purchase the threat analysis feature.
 *
 * @param request DescribeUserBuyStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeUserBuyStatusResponse
 */
async function describeUserBuyStatusWithOptions(request: DescribeUserBuyStatusRequest, runtime: Util.RuntimeOptions): DescribeUserBuyStatusResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeUserBuyStatus',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Checks whether the current Alibaba Cloud account or the management account of a resource directory is used to purchase the threat analysis feature.
 *
 * @param request DescribeUserBuyStatusRequest
 * @return DescribeUserBuyStatusResponse
 */
async function describeUserBuyStatus(request: DescribeUserBuyStatusRequest): DescribeUserBuyStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeUserBuyStatusWithOptions(request, runtime);
}

model DescribeWafScopeRequest {
  entityId?: long(name='EntityId', description='The ID of the entity.', example='20617784'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeWafScopeResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account in SIEM.', example='127608589417****'),
      domains?: [ string ](name='Domains', description='The domain names that are protected by the WAF instance.', example='[123.com, 456.com]'),
      instanceId?: string(name='InstanceId', description='The ID of the WAF instance.', example='waf-cn-tl123ast****'),
    }
  ](name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeWafScopeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeWafScopeResponseBody(name='body'),
}

/**
 * @summary Queries the protected domain names of the WAF instance for a user to which an entity belongs.
 *
 * @param request DescribeWafScopeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeWafScopeResponse
 */
async function describeWafScopeWithOptions(request: DescribeWafScopeRequest, runtime: Util.RuntimeOptions): DescribeWafScopeResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.entityId)) {
    body['EntityId'] = request.entityId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeWafScope',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the protected domain names of the WAF instance for a user to which an entity belongs.
 *
 * @param request DescribeWafScopeRequest
 * @return DescribeWafScopeResponse
 */
async function describeWafScope(request: DescribeWafScopeRequest): DescribeWafScopeResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeWafScopeWithOptions(request, runtime);
}

model DescribeWhiteRuleListRequest {
  alertName?: string(name='AlertName', description='The name of the alert.', example='Try SNMP weak password'),
  alertType?: string(name='AlertType', description='The type of the alert.', example='scan'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Valid values: 1 to 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model DescribeWhiteRuleListResponseBody = {
  code?: int32(name='Code', description='The response code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertName?: string(name='AlertName', description='The alert name.', example='Try SNMP weak password'),
        alertNameId?: string(name='AlertNameId', description='The ID of the alert name.', example='Try SNMP weak password'),
        alertType?: string(name='AlertType', description='The alert type.', example='scan'),
        alertTypeId?: string(name='AlertTypeId', description='The ID of the alert type.', example='scan'),
        alertUuid?: string(name='AlertUuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
        aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='127608589417****'),
        expression?: {
          conditions?: [ 
            {
              isNot?: boolean(name='IsNot', description='Indicates whether the result is inverted. Valid values:

*   true
*   false', example='false'),
              itemId?: int32(name='ItemId', description='The ID of the rule condition.', example='1'),
              left?: {
                isVar?: boolean(name='IsVar', description='Indicates whether the left operand is a variable. Valid values:

*   true: variable.
*   false: constant.', example='true'),
                modifier?: string(name='Modifier', description='The remarks on the right operand.', example='length'),
                modifierParam?: map[string]any(name='ModifierParam', description='The key-value pair information of the remarks.'),
                type?: string(name='Type', description='Indicates whether the left operand is a constant. Valid values:

*   true
*   false', example='false'),
                value?: string(name='Value', description='The variable of the left operand.', example='ip'),
              }(name='Left', description='The left operand of the rule condition.'),
              operator?: string(name='Operator', description='The logical operator of the rule condition. Valid values:

*   `=`: equals to.
*   `<>`: does not equal to.
*   `in`: contains.
*   `not in`: does not contain.
*   `REGEXP`: matches a regular expression.
*   `NOT REGEXP`: does not match a regular expression.', example='REGEXP'),
              right?: {
                isVar?: boolean(name='IsVar', description='Indicates whether the right operand is a constant or a runtime variable that is obtained from the runtime context. Valid values:

*   true: runtime variable.
*   false: constant.', example='false'),
                modifier?: string(name='Modifier', description='The remarks on the right operand.', example='length'),
                modifierParam?: map[string]any(name='ModifierParam', description='The key-value pair information of the remarks.'),
                type?: string(name='Type', description='The data type of the right operand.', example='String'),
                value?: string(name='Value', description='The right operand.', example='12345'),
              }(name='Right', description='The right operand of the rule condition.'),
            }
          ](name='Conditions', description='The rule conditions.'),
          logic?: string(name='Logic', description='The logical relationships among the rule conditions.', example='(1&2)|(3&4)'),
        }(name='Expression', description='The conditions in the rule. The value is a JSON array.', example='[{"conditions":[{"isNot":false,"itemId":0,"left":{"value":"host_uuid.host_name"},"operator":"containsString","right":{"value":"Cloud-MCH"}}]}]'),
        gmtCreate?: string(name='GmtCreate', description='The time when the whitelist rule was created.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the whitelist rule was modified.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The ID of the whitelist rule.', example='123456789'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        status?: int32(name='Status', description='The status of the whitelist rule. Valid values:

*   1: enabled.
*   0: disabled.', example='1'),
        subAliuid?: long(name='SubAliuid', description='The ID of the Alibaba Cloud account that is used to create the whitelist rule.', example='176555323***'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model DescribeWhiteRuleListResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DescribeWhiteRuleListResponseBody(name='body'),
}

/**
 * @summary Queries a list of whitelist rules for alerts.
 *
 * @param request DescribeWhiteRuleListRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DescribeWhiteRuleListResponse
 */
async function describeWhiteRuleListWithOptions(request: DescribeWhiteRuleListRequest, runtime: Util.RuntimeOptions): DescribeWhiteRuleListResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.alertName)) {
    body['AlertName'] = request.alertName;
  }
  if (!Util.isUnset(request.alertType)) {
    body['AlertType'] = request.alertType;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DescribeWhiteRuleList',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of whitelist rules for alerts.
 *
 * @param request DescribeWhiteRuleListRequest
 * @return DescribeWhiteRuleListResponse
 */
async function describeWhiteRuleList(request: DescribeWhiteRuleListRequest): DescribeWhiteRuleListResponse {
  var runtime = new Util.RuntimeOptions{};
  return describeWhiteRuleListWithOptions(request, runtime);
}

model DoQuickFieldRequest {
  from?: int32(name='From', description='The time when the quick analysis starts. This value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.

This parameter is required.', example='1684376244'),
  index?: string(name='Index', description='The index field.

This parameter is required.', example='alert_level'),
  page?: int32(name='Page', description='The number of pages to return. Default value: 1.', example='1'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
  reverse?: boolean(name='Reverse', description='The sorting of the query and analysis results. By default, the results are sorted in descending order.', example='true'),
  size?: int32(name='Size', description='The number of entries per page. Default value: 10.', example='10'),
  to?: int32(name='To', description='The time when the quick analysis ends. This value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.

This parameter is required.', example='1684378090'),
}

model DoQuickFieldResponseBody = {
  data?: {
    aggQueryd?: string(name='AggQueryd', description='This parameter is deprecated.', example='""'),
    completeOrNot?: boolean(name='CompleteOrNot', description='Indicates whether the quick analysis was successful. Valid values:

*   true
*   false', example='true'),
    count?: int32(name='Count', description='The number of entries returned.', example='10'),
    hasSQL?: boolean(name='HasSQL', description='This parameter is deprecated.', example='true'),
    keys?: [ string ](name='Keys', description='This parameter is deprecated.'),
    limited?: long(name='Limited', description='This parameter is deprecated.', example='0'),
    logs?: [ any ](name='Logs', description='The logs queried by using the quick analysis feature.'),
    PQuery?: string(name='PQuery', description='This parameter is deprecated.', example='""'),
    processedRows?: long(name='ProcessedRows', description='The number of entries queried.', example='1000'),
    queryMode?: int32(name='QueryMode', description='This parameter is deprecated.', example='0'),
    whereQuery?: string(name='WhereQuery', description='This parameter is deprecated.', example='* and alert_level : remind | with_pack_meta'),
  }(name='Data', description='The response of the quick analysis.'),
  requestId?: string(name='RequestId', description='The request ID.', example='06735F17-1EDE-5212-81A3-8585368F****'),
}

model DoQuickFieldResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DoQuickFieldResponseBody(name='body'),
}

/**
 * @summary Queries and analyzes the distribution of specific fields by using quick analysis.
 *
 * @param request DoQuickFieldRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DoQuickFieldResponse
 */
async function doQuickFieldWithOptions(request: DoQuickFieldRequest, runtime: Util.RuntimeOptions): DoQuickFieldResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.from)) {
    body['From'] = request.from;
  }
  if (!Util.isUnset(request.index)) {
    body['Index'] = request.index;
  }
  if (!Util.isUnset(request.page)) {
    body['Page'] = request.page;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.reverse)) {
    body['Reverse'] = request.reverse;
  }
  if (!Util.isUnset(request.size)) {
    body['Size'] = request.size;
  }
  if (!Util.isUnset(request.to)) {
    body['To'] = request.to;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DoQuickField',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries and analyzes the distribution of specific fields by using quick analysis.
 *
 * @param request DoQuickFieldRequest
 * @return DoQuickFieldResponse
 */
async function doQuickField(request: DoQuickFieldRequest): DoQuickFieldResponse {
  var runtime = new Util.RuntimeOptions{};
  return doQuickFieldWithOptions(request, runtime);
}

model DoSelfDelegateRequest {
  aliUid?: long(name='AliUid', description='The Alibaba Cloud account of an ordinary member of the threat analysis feature.

This parameter is required.', example='104423523217****'),
  delegateOrNot?: int32(name='DelegateOrNot', description='Specifies whether to use a delegated administrator account. Valid values:

*   1: use a delegated administrator account.
*   0: do not use a delegated administrator account.

This parameter is required.', example='1'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
}

model DoSelfDelegateResponseBody = {
  data?: boolean(name='Data', description='Indicates whether a regular member is authorized. Valid values:

*   true: The member is authorized.
*   false: The authorization is canceled.', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='9B9CBCEE-9225-5069-BC7F-880938A2****'),
}

model DoSelfDelegateResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DoSelfDelegateResponseBody(name='body'),
}

/**
 * @summary Grants permissions to or revokes permissions from a regular member on the threat analysis feature. This helps manage the authorization to view information such as log analysis and alerts.
 *
 * @param request DoSelfDelegateRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DoSelfDelegateResponse
 */
async function doSelfDelegateWithOptions(request: DoSelfDelegateRequest, runtime: Util.RuntimeOptions): DoSelfDelegateResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.aliUid)) {
    body['AliUid'] = request.aliUid;
  }
  if (!Util.isUnset(request.delegateOrNot)) {
    body['DelegateOrNot'] = request.delegateOrNot;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'DoSelfDelegate',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Grants permissions to or revokes permissions from a regular member on the threat analysis feature. This helps manage the authorization to view information such as log analysis and alerts.
 *
 * @param request DoSelfDelegateRequest
 * @return DoSelfDelegateResponse
 */
async function doSelfDelegate(request: DoSelfDelegateRequest): DoSelfDelegateResponse {
  var runtime = new Util.RuntimeOptions{};
  return doSelfDelegateWithOptions(request, runtime);
}

model EnableAccessForCloudSiemRequest {
  autoSubmit?: int32(name='AutoSubmit', description='Whether import the log of SAS alert, the log of WAF alert, the log of CFW alert or not. Valid values:
- 0: not imported automatically
- 1: imported automatically', example='1'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model EnableAccessForCloudSiemResponseBody = {
  data?: boolean(name='Data', description='The data returned.', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model EnableAccessForCloudSiemResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableAccessForCloudSiemResponseBody(name='body'),
}

/**
 * @summary Creates a service-linked role named AliyunServiceRoleForSasCloudSiem for the threat analysis feature. The feature can assume this role to access cloud services.
 *
 * @param request EnableAccessForCloudSiemRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableAccessForCloudSiemResponse
 */
async function enableAccessForCloudSiemWithOptions(request: EnableAccessForCloudSiemRequest, runtime: Util.RuntimeOptions): EnableAccessForCloudSiemResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.autoSubmit)) {
    body['AutoSubmit'] = request.autoSubmit;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'EnableAccessForCloudSiem',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates a service-linked role named AliyunServiceRoleForSasCloudSiem for the threat analysis feature. The feature can assume this role to access cloud services.
 *
 * @param request EnableAccessForCloudSiemRequest
 * @return EnableAccessForCloudSiemResponse
 */
async function enableAccessForCloudSiem(request: EnableAccessForCloudSiemRequest): EnableAccessForCloudSiemResponse {
  var runtime = new Util.RuntimeOptions{};
  return enableAccessForCloudSiemWithOptions(request, runtime);
}

model EnableServiceForCloudSiemRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model EnableServiceForCloudSiemResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the threat analysis feature is authorized to access the resource directory. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model EnableServiceForCloudSiemResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableServiceForCloudSiemResponseBody(name='body'),
}

/**
 * @summary Authorizes the threat analysis feature to access a resource directory. This operation must be called by the management account of the resource directory.
 *
 * @param request EnableServiceForCloudSiemRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableServiceForCloudSiemResponse
 */
async function enableServiceForCloudSiemWithOptions(request: EnableServiceForCloudSiemRequest, runtime: Util.RuntimeOptions): EnableServiceForCloudSiemResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'EnableServiceForCloudSiem',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Authorizes the threat analysis feature to access a resource directory. This operation must be called by the management account of the resource directory.
 *
 * @param request EnableServiceForCloudSiemRequest
 * @return EnableServiceForCloudSiemResponse
 */
async function enableServiceForCloudSiem(request: EnableServiceForCloudSiemRequest): EnableServiceForCloudSiemResponse {
  var runtime = new Util.RuntimeOptions{};
  return enableServiceForCloudSiemWithOptions(request, runtime);
}

model GetCapacityRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model GetCapacityResponseBody = {
  data?: {
    existLogStore?: boolean(name='ExistLogStore', description='Indicates whether the Logstores for the threat analysis feature exist on the user side. Valid values:

*   true: The logs are in the normal state. The log analysis feature is available.
*   false: The logs are being cleared. The log analysis feature is unavailable.', example='true'),
    preservedCapacity?: long(name='PreservedCapacity', description='The purchased storage capacity of the threat analysis feature. Unit: GB.', example='9000'),
    usedCapacity?: double(name='UsedCapacity', description='The billable storage capacity of the threat analysis feature. Unit: GB.', example='10'),
  }(name='Data', description='The information about the storage capacity.'),
  requestId?: string(name='RequestId', description='The request ID.', example='27D27DCB-D76B-5064-8B3B-0900DEF7****'),
}

model GetCapacityResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetCapacityResponseBody(name='body'),
}

/**
 * @summary Queries the storage capacity usage of the threat analysis feature and the purchased storage capacity
 *
 * @param request GetCapacityRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetCapacityResponse
 */
async function getCapacityWithOptions(request: GetCapacityRequest, runtime: Util.RuntimeOptions): GetCapacityResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'GetCapacity',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the storage capacity usage of the threat analysis feature and the purchased storage capacity
 *
 * @param request GetCapacityRequest
 * @return GetCapacityResponse
 */
async function getCapacity(request: GetCapacityRequest): GetCapacityResponse {
  var runtime = new Util.RuntimeOptions{};
  return getCapacityWithOptions(request, runtime);
}

model GetHistogramsRequest {
  from?: int32(name='From', description='The start time of the subinterval. The value is a UNIX timestamp representing the number of seconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC. The time range that is specified in this operation is a left-closed, right-open interval. The interval includes the start time specified by the from parameter, but does not include the end time specified by the to parameter. If you specify the same value for the from and to parameters, the interval is invalid, and an error message is returned.

This parameter is required.', example='1409529600'),
  query?: string(name='Query', description='The SQL statement. Only search statements are supported. Analytic statements are not supported. For more information about the syntax and limits of search statements, see [Log search overview](https://help.aliyun.com/document_detail/29060.html).', example='* and status: 401'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
  to?: int32(name='To', description='The end time of the subinterval. The value is a UNIX timestamp representing the number of seconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC. The time range that is specified in this operation is a left-closed, right-open interval. The interval includes the start time specified by the from parameter, but does not include the end time specified by the to parameter. If you specify the same value for the from and to parameters, the interval is invalid, and an error message is returned.

This parameter is required.', example='1409569200'),
}

model GetHistogramsResponseBody = {
  data?: {
    histograms?: [ 
      {
        completedOrNot?: boolean(name='CompletedOrNot', description='Indicates whether the query results within the subinterval is complete. Valid values:

*   true: The query is complete and the returned result is complete.
*   false: The query is complete but the returned result is incomplete. You must repeat the request to obtain the complete result.', example='true'),
        count?: long(name='Count', description='The number of logs within the subinterval.', example='100'),
        from?: int32(name='From', description='The start time of the subinterval. The value is a UNIX timestamp representing the number of seconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.', example='1409529600'),
        to?: int32(name='To', description='The end time of the subinterval. The value is a UNIX timestamp representing the number of seconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.', example='1409569200'),
      }
    ](name='Histograms', description='The distribution of logs.'),
    server?: string(name='Server', description='The name of the server.', example='nginx'),
    totalCount?: long(name='TotalCount', description='The number of logs that are generated within the subinterval.', example='2'),
  }(name='Data', description='The data of the charts.'),
  requestId?: string(name='RequestId', description='The request ID.', example='97A31C3A-3F9F-5866-8979-5159E3DC****'),
}

model GetHistogramsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetHistogramsResponseBody(name='body'),
}

/**
 * @summary Queries the results of of search statements that are displayed in histograms.
 *
 * @param request GetHistogramsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetHistogramsResponse
 */
async function getHistogramsWithOptions(request: GetHistogramsRequest, runtime: Util.RuntimeOptions): GetHistogramsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.from)) {
    body['From'] = request.from;
  }
  if (!Util.isUnset(request.query)) {
    body['Query'] = request.query;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.to)) {
    body['To'] = request.to;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'GetHistograms',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the results of of search statements that are displayed in histograms.
 *
 * @param request GetHistogramsRequest
 * @return GetHistogramsResponse
 */
async function getHistograms(request: GetHistogramsRequest): GetHistogramsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getHistogramsWithOptions(request, runtime);
}

model GetLogsRequest {
  from?: int32(name='From', description='The time when the query starts. The value is a UNIX timestamp representing the number of seconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

This parameter is required.', example='1684377190'),
  pageIndex?: int32(name='PageIndex', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Valid values: 0 to 100.

This parameter is required.', example='10'),
  query?: string(name='Query', description='The search statement or the analytic statement. For more information, see [Log search overview](https://help.aliyun.com/document_detail/43772.html) and [Log analysis overview](https://help.aliyun.com/document_detail/53608.html).', example='status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  reverseOrNot?: boolean(name='ReverseOrNot', description='Specifies whether to sort the results of the log query by time in minutes in descending order. Default value: true. Valid values:

*   true
*   false', example='true'),
  to?: int32(name='To', description='The time when the query ends. The value is a UNIX timestamp representing the number of seconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

This parameter is required.', example='1684378326'),
  total?: long(name='Total', description='The total number of entries returned.', example='2'),
}

model GetLogsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='20'),
      totalCount?: long(name='TotalCount', description='The total number of logs.', example='200'),
    }(name='PageInfo', description='The result on the current page.'),
    responseData?: {
      completeOrNot?: boolean(name='CompleteOrNot', description='The status of the log query. Valid values:

*   true: The query is complete and the returned result is complete.
*   false: The query is complete but the returned result is incomplete. You must resend the request to obtain the complete result.', example='true'),
      cost?: long(name='Cost', description='The time period of the log query. Unit: milliseconds.', example='28'),
      count?: int32(name='Count', description='The number of entries returned.', example='4'),
      hasSql?: boolean(name='HasSql', description='Indicated whether an analytic statement is contained. Valid values:

*   true
*   false', example='true'),
      keys?: [ string ](name='Keys', description='The index fields of the logs.'),
      lines?: [ any ](name='Lines', description='The raw data generated in the query.'),
    }(name='ResponseData', description='The content of the log.'),
  }(name='Data', description='The results of the log query.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='93A8B186-A5F1-5B20-9BCF-5605C5E9****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='True'),
}

model GetLogsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetLogsResponseBody(name='body'),
}

/**
 * @summary Queries the results of a log query by using SQL statements.
 *
 * @param request GetLogsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetLogsResponse
 */
async function getLogsWithOptions(request: GetLogsRequest, runtime: Util.RuntimeOptions): GetLogsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.from)) {
    body['From'] = request.from;
  }
  if (!Util.isUnset(request.pageIndex)) {
    body['PageIndex'] = request.pageIndex;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.query)) {
    body['Query'] = request.query;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.reverseOrNot)) {
    body['ReverseOrNot'] = request.reverseOrNot;
  }
  if (!Util.isUnset(request.to)) {
    body['To'] = request.to;
  }
  if (!Util.isUnset(request.total)) {
    body['Total'] = request.total;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'GetLogs',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the results of a log query by using SQL statements.
 *
 * @param request GetLogsRequest
 * @return GetLogsResponse
 */
async function getLogs(request: GetLogsRequest): GetLogsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getLogsWithOptions(request, runtime);
}

model GetQuickQueryRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
  searchName?: string(name='SearchName', description='The name of the saved search.

This parameter is required.', example='display_login_ip_search'),
}

model GetQuickQueryResponseBody = {
  data?: string(name='Data', description='The query statement.', example='status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5'),
  requestId?: string(name='RequestId', description='The request ID.', example='27D27DCB-D76B-5064-8B3B-0900DEF7****'),
}

model GetQuickQueryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetQuickQueryResponseBody(name='body'),
}

/**
 * @summary Queries a query statement that is saved as a saved search in log analysis by name.
 *
 * @param request GetQuickQueryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetQuickQueryResponse
 */
async function getQuickQueryWithOptions(request: GetQuickQueryRequest, runtime: Util.RuntimeOptions): GetQuickQueryResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.searchName)) {
    body['SearchName'] = request.searchName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'GetQuickQuery',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a query statement that is saved as a saved search in log analysis by name.
 *
 * @param request GetQuickQueryRequest
 * @return GetQuickQueryResponse
 */
async function getQuickQuery(request: GetQuickQueryRequest): GetQuickQueryResponse {
  var runtime = new Util.RuntimeOptions{};
  return getQuickQueryWithOptions(request, runtime);
}

model GetStorageRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='127XXXX'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model GetStorageResponseBody = {
  data?: {
    canOperate?: boolean(name='CanOperate', description='Indicates whether the storage region can be changed for once. Default value: false Valid values:

*   true
*   false', example='false'),
    displayRegion?: boolean(name='DisplayRegion', description='Indicates whether the storage region can be changed. Default value: false Valid values:

*   true
*   false', example='false'),
    region?: string(name='Region', description='The region where the data is stored.

If the data management center is **cn-hangzhou**, the default value of **Region** is cn-shanghai, which specifies the China (Shanghai) region. If the data management center is **ap-southeast-1**, the default value of **Region** is ap-southeast-1, which specifies the Singapore region.', example='cn-shanghai'),
    ttl?: int32(name='Ttl', description='The storage period of logs. Unit: day. Default value: 180. Valid values: 30 to 3000.', example='180'),
  }(name='Data', description='The information about the storage.'),
  requestId?: string(name='RequestId', description='The request ID.', example='97A31C3A-3F9F-5866-8979-5159E3DC****'),
}

model GetStorageResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetStorageResponseBody(name='body'),
}

/**
 * @summary Queries the storage configurations for the threat analysis feature on the user side.
 *
 * @param request GetStorageRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetStorageResponse
 */
async function getStorageWithOptions(request: GetStorageRequest, runtime: Util.RuntimeOptions): GetStorageResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'GetStorage',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the storage configurations for the threat analysis feature on the user side.
 *
 * @param request GetStorageRequest
 * @return GetStorageResponse
 */
async function getStorage(request: GetStorageRequest): GetStorageResponse {
  var runtime = new Util.RuntimeOptions{};
  return getStorageWithOptions(request, runtime);
}

model ListAccountAccessIdRequest {
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider.

Valid values:

*   qcloud
*   hcloud

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='0'),
}

model ListAccountAccessIdResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: [ 
    {
      accessId?: string(name='AccessId', description='The AccessKey ID of the cloud account that is added to the threat analysis feature.', example='ABCXXXXXXXX'),
      accessIdMd5?: string(name='AccessIdMd5', description='The MD5 hash value of the AccessKey ID.', example='abcXXXXXXXX'),
      accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
      accountStr?: string(name='AccountStr', description='The information about the cloud account to which the AccessKey ID belongs. The value is in the following format: Alibaba Cloud account ID|Alibaba Cloud account username|AccessKey ID.', example='123xxxxxx|xxxx|ABCXXXXX'),
      bound?: int32(name='Bound', description='Indicates whether the cloud account to which the AccessKey ID belongs is added to the threat analysis feature. Valid values:

*   0: no
*   1: yes', example='1'),
      cloudCode?: string(name='CloudCode', description='The code of the cloud service provider.', example='hcloud'),
      subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account that is used to add the third-party cloud account.', example='ABCXXXXXXXX'),
    }
  ](name='Data', description='The data returned.'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model ListAccountAccessIdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccountAccessIdResponseBody(name='body'),
}

/**
 * @summary Queries a list of AccessKey IDs of third-party cloud accounts that are added to the threat analysis feature.
 *
 * @param request ListAccountAccessIdRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccountAccessIdResponse
 */
async function listAccountAccessIdWithOptions(request: ListAccountAccessIdRequest, runtime: Util.RuntimeOptions): ListAccountAccessIdResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListAccountAccessId',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of AccessKey IDs of third-party cloud accounts that are added to the threat analysis feature.
 *
 * @param request ListAccountAccessIdRequest
 * @return ListAccountAccessIdResponse
 */
async function listAccountAccessId(request: ListAccountAccessIdRequest): ListAccountAccessIdResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccountAccessIdWithOptions(request, runtime);
}

model ListAccountsByLogRequest {
  cloudCode?: string(name='CloudCode', description='The code that is used for multi-cloud environments.

This parameter is required.', example='hcloud'),
  logCodes?: [ string ](name='LogCodes', description='The codes of logs. The value is a JSON array.

This parameter is required.', example='["cloud_siem_hcloud_waf_alert_log"]'),
  prodCode?: string(name='ProdCode', description='The code of the service.

This parameter is required.', example='qcloud_waf'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model ListAccountsByLogResponseBody = {
  data?: [ 
    {
      accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
      accountName?: string(name='AccountName', description='The name of the cloud account.', example='sas_account_xxx'),
      imported?: int32(name='Imported', description='Indicates whether the account is added. Valid values: -1: yes -0: no', example='123xxxxxxx'),
      logCode?: string(name='LogCode', description='The code of the log.', example='cloud_siem_waf_xxxxx'),
      mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXXXXX'),
      prodCode?: string(name='ProdCode', description='The code of the service.', example='qcloud_waf'),
      subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account for which the threat analysis feature is enabled.', example='123XXXXXXXX'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListAccountsByLogResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccountsByLogResponseBody(name='body'),
}

/**
 * @summary Query accounts by log.
 *
 * @param request ListAccountsByLogRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccountsByLogResponse
 */
async function listAccountsByLogWithOptions(request: ListAccountsByLogRequest, runtime: Util.RuntimeOptions): ListAccountsByLogResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.logCodes)) {
    body['LogCodes'] = request.logCodes;
  }
  if (!Util.isUnset(request.prodCode)) {
    body['ProdCode'] = request.prodCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListAccountsByLog',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Query accounts by log.
 *
 * @param request ListAccountsByLogRequest
 * @return ListAccountsByLogResponse
 */
async function listAccountsByLog(request: ListAccountsByLogRequest): ListAccountsByLogResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccountsByLogWithOptions(request, runtime);
}

model ListAllProdsRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:

- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model ListAllProdsResponseBody = {
  data?: {
    currentPage?: int32(name='CurrentPage', description='The page number.', example='1'),
    pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
    prodList?: [ 
      {
        cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud.
*   aliyun: Alibaba Cloud.
*   hcloud: Huawei Cloud.', example='hcloud'),
        importedLogCount?: int32(name='ImportedLogCount', description='The number of logs within the cloud service that are added to the threat analysis feature.', example='10'),
        modifyTime?: string(name='ModifyTime', description='The time when the logs within the cloud service were last added to the threat analysis feature.', example='2023-11-23 12:12:12'),
        prodCode?: string(name='ProdCode', description='The code of the cloud service.', example='sas'),
        totalLogCount?: int32(name='TotalLogCount', description='The total number of logs within the cloud service.', example='19'),
      }
    ](name='ProdList', description='The cloud services.', example='1'),
    totalCount?: int32(name='TotalCount', description='The total number of logs.', example='19'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListAllProdsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAllProdsResponseBody(name='body'),
}

/**
 * @summary Queries a list of cloud services that can be added to the threat analysis feature.
 *
 * @param request ListAllProdsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAllProdsResponse
 */
async function listAllProdsWithOptions(request: ListAllProdsRequest, runtime: Util.RuntimeOptions): ListAllProdsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListAllProds',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of cloud services that can be added to the threat analysis feature.
 *
 * @param request ListAllProdsRequest
 * @return ListAllProdsResponse
 */
async function listAllProds(request: ListAllProdsRequest): ListAllProdsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAllProdsWithOptions(request, runtime);
}

model ListAutomateResponseConfigsRequest {
  actionType?: string(name='ActionType', description='The type of the handling action. Valid values:

*   doPlaybook: runs a playbook.
*   changeEventStatus: changes the status of an event.
*   changeThreatLevel: changes the risk level of an event.', example='doPlaybook'),
  autoResponseType?: string(name='AutoResponseType', description='The type of the automated response rule. Valid values:

*   event
*   alert', example='event'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  id?: long(name='Id', description='The ID of the automated response rule.', example='123'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  playbookUuid?: string(name='PlaybookUuid', description='The UUID of the playbook.', example='system_aliyun_aegis_kill_quara_book'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ruleName?: string(name='RuleName', description='The name of the automated response rule.', example='cfw kill quara book'),
  status?: int32(name='Status', description='The status of the rule. Valid values:

*   0: disabled
*   100: enabled', example='0'),
  subUserId?: long(name='SubUserId', description='The ID of the user who created the rule.', example='17108579417****'),
}

model ListAutomateResponseConfigsResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        actionConfig?: string(name='ActionConfig', description='The configuration of the action that is performed after the automated response rule is hit. The value is in the JSON format.', example='[
      {
            "actionType": "doPlaybook",
            "playbookName": "WafBlockIP",
            "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"
      }
]'),
        actionType?: string(name='ActionType', description='The type of the handling action. Multiple types are separated by commas (,). Valid values:

*   **doPlaybook**: runs the playbook.
*   **changeEventStatus**: changes the event status.
*   **changeThreatLevel**: changes the risk level of the event.', example='doPlaybook,changeEventStatus'),
        aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account that is associated with the rule in SIEM.', example='127608589417****'),
        autoResponseType?: string(name='AutoResponseType', description='The type of the automated response rule. Valid values:

*   **event**
*   **alert**', example='event'),
        dataType?: int32(name='DataType', description='The type of the view. Valid values:

0: the current Alibaba Cloud account
1: the global account', example='1'),
        executionCondition?: string(name='ExecutionCondition', description='The trigger condition of the automated response rule. The value is in the JSON format.', example='[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]'),
        gmtCreate?: string(name='GmtCreate', description='The creation time.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The update time.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The ID of the automated response rule.', example='123'),
        ruleName?: string(name='RuleName', description='The name of the automated response rule.', example='cfw kill quara book'),
        status?: int32(name='Status', description='The status of the rule. Valid values:

*   **0**: disabled.
*   **100**: enabled.', example='0'),
        subUserId?: long(name='SubUserId', description='The ID of the user who created the rule.', example='17108579417****'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model ListAutomateResponseConfigsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAutomateResponseConfigsResponseBody(name='body'),
}

/**
 * @summary Queries automated response rules.
 *
 * @param request ListAutomateResponseConfigsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAutomateResponseConfigsResponse
 */
async function listAutomateResponseConfigsWithOptions(request: ListAutomateResponseConfigsRequest, runtime: Util.RuntimeOptions): ListAutomateResponseConfigsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.actionType)) {
    body['ActionType'] = request.actionType;
  }
  if (!Util.isUnset(request.autoResponseType)) {
    body['AutoResponseType'] = request.autoResponseType;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.playbookUuid)) {
    body['PlaybookUuid'] = request.playbookUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleName)) {
    body['RuleName'] = request.ruleName;
  }
  if (!Util.isUnset(request.status)) {
    body['Status'] = request.status;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListAutomateResponseConfigs',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries automated response rules.
 *
 * @param request ListAutomateResponseConfigsRequest
 * @return ListAutomateResponseConfigsResponse
 */
async function listAutomateResponseConfigs(request: ListAutomateResponseConfigsRequest): ListAutomateResponseConfigsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAutomateResponseConfigsWithOptions(request, runtime);
}

model ListBindAccountRequest {
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor'),
  roleType?: int32(name='RoleType'),
}

model ListBindAccountResponseBody = {
  data?: [ 
    {
      accessId?: string(name='AccessId', description='The AccessKey ID of the cloud account.', example='ABCXXXXXXXX'),
      accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
      accountName?: string(name='AccountName', description='The username of the cloud account.', example='sas_account_xxx'),
      bindId?: long(name='BindId', description='The ID that is generated when the cloud account is added.', example='123xxxxxxx'),
      cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud', example='hcloud'),
      createUser?: string(name='CreateUser', description='The ID of the account that is used to add the cloud account.', example='123xxxxxxx'),
      dataSourceCount?: long(name='DataSourceCount', description='The number of data sources that are added to the threat analysis feature within the cloud account.', example='2'),
      modifyTime?: string(name='ModifyTime', description='The modification time.', example='2023-11-10 12:20:35'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListBindAccountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListBindAccountResponseBody(name='body'),
}

/**
 * @summary Queries a list of cloud accounts that are added to the threat analysis feature.
 *
 * @param request ListBindAccountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListBindAccountResponse
 */
async function listBindAccountWithOptions(request: ListBindAccountRequest, runtime: Util.RuntimeOptions): ListBindAccountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListBindAccount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of cloud accounts that are added to the threat analysis feature.
 *
 * @param request ListBindAccountRequest
 * @return ListBindAccountResponse
 */
async function listBindAccount(request: ListBindAccountRequest): ListBindAccountResponse {
  var runtime = new Util.RuntimeOptions{};
  return listBindAccountWithOptions(request, runtime);
}

model ListBindDataSourcesRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider.

Valid values:

*   qcloud
*   hcloud
*   aliyun

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model ListBindDataSourcesResponseBody = {
  data?: [ 
    {
      accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
      accountName?: string(name='AccountName', description='The username of the cloud account.', example='sas_tq_account_xxxx'),
      cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud', example='hcloud'),
      dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
      dataSourceName?: string(name='DataSourceName', description='The name of the data source.', example='waf_kafka'),
      dataSourceRemark?: string(name='DataSourceRemark', description='The remarks on the data source.', example='waf_kafka'),
      dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   obs: Huawei Cloud Object Storage Service (OBS)
*   wafApi: download API of Tencent Cloud Web Application Firewall (WAF)
*   ckafka: Tencent Cloud Kafka (CKafka)', example='obs'),
      logCount?: int32(name='LogCount', description='The number of logs that are added within the data source.', example='1'),
      taskCount?: int32(name='TaskCount', description='The number of existing tasks that are created to add logs within the data source.', example='0'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListBindDataSourcesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListBindDataSourcesResponseBody(name='body'),
}

/**
 * @summary Queries a list of data sources that are added to the threat analysis feature.
 *
 * @param request ListBindDataSourcesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListBindDataSourcesResponse
 */
async function listBindDataSourcesWithOptions(request: ListBindDataSourcesRequest, runtime: Util.RuntimeOptions): ListBindDataSourcesResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListBindDataSources',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of data sources that are added to the threat analysis feature.
 *
 * @param request ListBindDataSourcesRequest
 * @return ListBindDataSourcesResponse
 */
async function listBindDataSources(request: ListBindDataSourcesRequest): ListBindDataSourcesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listBindDataSourcesWithOptions(request, runtime);
}

model ListCloudSiemCustomizeRulesRequest {
  alertType?: string(name='AlertType', description='The alert type.', example='scan'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  id?: string(name='Id', description='The ID of the custom rule.', example='10223'),
  order?: string(name='Order', description='The sort method. Valid values:

*   desc: descending order.
*   asc: ascending order.', example='desc'),
  orderField?: string(name='OrderField', description='The field that is used to sort the rules. Valid values:

*   GmtModified: The rules are sorted based on the modification time.
*   Id (default): The rules are sorted based on the rule ID.', example='Id'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. The value can be up to 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the regions in which your assets reside. Valid values:

*   **cn-hangzhou**: Your assets reside in regions in China.
*   **ap-southeast-1**: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the destination account to which you switch the view from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:

*   0: view of the current Alibaba Cloud account.
*   1: view of all accounts for the enterprise.', example='0'),
  ruleName?: string(name='RuleName', description='The name of the rule. The name can contain letters, digits, underscores (_), and periods (.).', example='waf_scan'),
  ruleType?: string(name='RuleType', description='The type of the rule. Valid values:

*   **predefine**
*   **customize**', example='customize'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
  status?: int32(name='Status', description='The status of the rule. Valid values:

*   **0**: The rule is in the initial state.
*   **10**: The simulation data is tested.
*   **15**: The business data is being tested.
*   **20**: The business data test is complete.
*   **100**: The rule is in effect.', example='0'),
  threatLevel?: [ string ](name='ThreatLevel', description='The threat level. The value must be a JSON array. Valid values:

*   **serious**: high-risk.
*   **suspicious**: medium-risk.
*   **remind**: low-risk.', example='["serious","suspicious","remind"]'),
}

model ListCloudSiemCustomizeRulesResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertType?: string(name='AlertType', description='The type of the risk.', example='WEBSHELL'),
        alertTypeMds?: string(name='AlertTypeMds', description='The internal code of the risk type.', example='${siem_rule_type_process_abnormal_command}'),
        aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account in SIEM.', example='127608589417****'),
        attCk?: string(name='AttCk', description='The alert additional field for ATT\\\\&CK.', example='T1595.002 Vulnerability Scanning'),
        dataType?: int32(name='DataType', description='The type of the view. Valid values:

0: view of the current Alibaba Cloud account. 1: view of all accounts for the enterprise.', example='1'),
        eventTransferExt?: string(name='EventTransferExt', description='The extended information about event generation. If the value of **eventTransferType** is **allToSingle**, the value of this parameter indicates the length and unit of the alert aggregation window. The HTML escape characters are reversed.', example='{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;MINUTE&quot;}'),
        eventTransferSwitch?: int32(name='EventTransferSwitch', description='Indicates whether the system generates an event for the alert. Valid values:

*   **0**: no.
*   **1**: yes.', example='1'),
        eventTransferType?: string(name='EventTransferType', description='The method that is used to generate an event. Valid values:

*   **default**: built-in method.
*   **singleToSingle**: The system generates an event for each alert.
*   **allToSingle**: The system generates an event for alerts within a period of time.', example='allToSingle'),
        gmtCreate?: string(name='GmtCreate', description='The time when the custom rule was created.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the custom rule was last updated.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The ID of the custom rule.', example='123456789'),
        logSource?: string(name='LogSource', description='The log source of the rule.', example='cloud_siem_aegis_sas_alert'),
        logSourceMds?: string(name='LogSourceMds', description='The internal code of the log source.', example='${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}'),
        logType?: string(name='LogType', description='The log type of the rule.', example='ALERT_ACTIVITY'),
        logTypeMds?: string(name='LogTypeMds', description='The internal code of the log type.', example='${sas.cloudsiem.prod.alert_activity}'),
        queryCycle?: string(name='QueryCycle', description='The window length of the rule. The HTML escape characters are reversed.', example='{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;HOUR&quot;}'),
        ruleCondition?: string(name='RuleCondition', description='The query condition of the rule. The value is in the JSON format. The HTML escape characters are reversed.', example='[[{&quot;not&quot;:false,&quot;left&quot;:&quot;alert_name&quot;,&quot;operator&quot;:&quot;=&quot;,&quot;right&quot;:&quot;WEBSHELL&quot;}]]'),
        ruleDesc?: string(name='RuleDesc', description='The description of the rule.', example='this rule is for waf scan'),
        ruleGroup?: string(name='RuleGroup', description='The log aggregation field. The value is in the JSON format. The HTML escape characters are reversed.', example='[&quot;asset_id&quot;]'),
        ruleName?: string(name='RuleName', description='The name of the rule.', example='waf_scan'),
        ruleThreshold?: string(name='RuleThreshold', description='The threshold configurations of the rule in the JSON format. The HTML escape characters are reversed.', example='{&quot;aggregateFunction&quot;:&quot;count&quot;,&quot;aggregateFunctionName&quot;:&quot;count&quot;,&quot;field&quot;:&quot;activity_name&quot;,&quot;operator&quot;:&quot;&lt;=&quot;,&quot;value&quot;:1}'),
        ruleType?: string(name='RuleType', description='The type of the rule. Valid values:

*   **predefine**
*   **customize**', example='customize'),
        status?: int32(name='Status', description='The status of the rule. Valid values:

*   **0**: The rule is in the initial state.
*   **10**: The simulation data is tested.
*   **15**: The business data is being tested.
*   **20**: The business data test is complete.
*   **100**: The rule is in effect.', example='0'),
        threatLevel?: string(name='ThreatLevel', description='The risk level. Valid values:

*   **serious**: high-risk.
*   **suspicious**: medium-risk.
*   **remind**: low-risk.', example='remind'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   **true**
*   **false**', example='true'),
}

model ListCloudSiemCustomizeRulesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListCloudSiemCustomizeRulesResponseBody(name='body'),
}

/**
 * @summary Queries custom rules.
 *
 * @param request ListCloudSiemCustomizeRulesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListCloudSiemCustomizeRulesResponse
 */
async function listCloudSiemCustomizeRulesWithOptions(request: ListCloudSiemCustomizeRulesRequest, runtime: Util.RuntimeOptions): ListCloudSiemCustomizeRulesResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.alertType)) {
    body['AlertType'] = request.alertType;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.order)) {
    body['Order'] = request.order;
  }
  if (!Util.isUnset(request.orderField)) {
    body['OrderField'] = request.orderField;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleName)) {
    body['RuleName'] = request.ruleName;
  }
  if (!Util.isUnset(request.ruleType)) {
    body['RuleType'] = request.ruleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  if (!Util.isUnset(request.status)) {
    body['Status'] = request.status;
  }
  if (!Util.isUnset(request.threatLevel)) {
    body['ThreatLevel'] = request.threatLevel;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListCloudSiemCustomizeRules',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries custom rules.
 *
 * @param request ListCloudSiemCustomizeRulesRequest
 * @return ListCloudSiemCustomizeRulesResponse
 */
async function listCloudSiemCustomizeRules(request: ListCloudSiemCustomizeRulesRequest): ListCloudSiemCustomizeRulesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listCloudSiemCustomizeRulesWithOptions(request, runtime);
}

model ListCloudSiemPredefinedRulesRequest {
  alertType?: string(name='AlertType', description='The alert type.', example='scan'),
  attCk?: string(name='AttCk', description='The ATT\\\\&CK information.', example='T1595.002 Vulnerability Scanning'),
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.', example='1577808000000'),
  eventTransferType?: string(name='EventTransferType', description='The method that is used to generate an event. Valid values:

*   default: built-in method.
*   singleToSingle: The system generates an event for each alert.
*   allToSingle: The system generates an event for alerts within a period of time.', example='allToSingle'),
  id?: string(name='Id', description='The ID of the rule.', example='10223'),
  logSource?: string(name='LogSource', description='The log source.', example='cloud_siem_aegis_sas_alert'),
  order?: string(name='Order', description='The sort method. Valid values:

*   desc: descending order.
*   asc: ascending order.', example='desc'),
  orderField?: string(name='OrderField', description='The field that is used to sort the rules. Valid values:

*   GmtModified: The rules are sorted based on the modification time.
*   Id (default): The rules are sorted based on the rule ID.', example='Id'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the destination account to which you switch the view from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view.

*   0: view of the current Alibaba Cloud account.
*   1: view of all accounts for the enterprise.', example='1'),
  ruleName?: string(name='RuleName', description='The name of the rule. The name can contain letters, digits, underscores (_), and periods (.).', example='waf_scan'),
  ruleType?: string(name='RuleType', description='The type of the rule. Valid values:

*   predefine
*   customize', example='customize'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.', example='1577808000000'),
  status?: int32(name='Status', description='The status of the rule. Valid values:

*   0: The rule is in the initial state.
*   10: The simulation data is tested.
*   15: The business data is being tested.
*   20: The business data test ends.
*   100: The rule takes effect.', example='0'),
  threatLevel?: [ string ](name='ThreatLevel', description='The risk level. The value is a JSON array. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='["serious","suspicious","remind"]'),
}

model ListCloudSiemPredefinedRulesResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertType?: string(name='AlertType', description='The type of the risk.', example='WEBSHELL'),
        attCk?: string(name='AttCk', description='The alert additional field for ATT\\\\&CK.', example='T1595.002 Vulnerability Scanning'),
        eventTransferType?: string(name='EventTransferType', description='The method that is used to generate an event. Valid values:

*   default: built-in method.
*   singleToSingle: The system generates an event for each alert.
*   allToSingle: The system generates an event for alerts within a period of time.', example='allToSingle'),
        gmtCreate?: string(name='GmtCreate', description='The time when the rule was created.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The time when the rule was modified.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The ID of the predefined rule.', example='123456789'),
        ruleDescMds?: string(name='RuleDescMds', description='The internal code of the rule description.', example='${siem_rule_description_siem_cfw-attack-count-level-up_cfw-attack}'),
        ruleName?: string(name='RuleName', description='The name of the rule.', example='siem_base64-command-exec_aegis-proc'),
        ruleNameCn?: string(name='RuleNameCn', description='The rule name in Chinese.', example='siem_base64-command-exec_aegis-proc'),
        ruleNameEn?: string(name='RuleNameEn', description='The rule name in English.', example='siem_base64-command-exec_aegis-proc'),
        ruleNameMds?: string(name='RuleNameMds', description='The internal code of the rule name.', example='${siem_rule_name_siem_cfw-attack-count-level-up_cfw-attack}'),
        source?: string(name='Source', description='The log source of the rule.', example='cloud_siem_aegis_proc'),
        status?: int32(name='Status', description='The status of the predefined rule. Valid values:

*   0: The rule is in the initial state.
*   100: The rule takes effect.', example='0'),
        threatLevel?: string(name='ThreatLevel', description='The risk level. Valid values:

*   serious: high.
*   suspicious: medium.
*   remind: low.', example='remind'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model ListCloudSiemPredefinedRulesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListCloudSiemPredefinedRulesResponseBody(name='body'),
}

/**
 * @summary Queries predefined rules.
 *
 * @param request ListCloudSiemPredefinedRulesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListCloudSiemPredefinedRulesResponse
 */
async function listCloudSiemPredefinedRulesWithOptions(request: ListCloudSiemPredefinedRulesRequest, runtime: Util.RuntimeOptions): ListCloudSiemPredefinedRulesResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.alertType)) {
    body['AlertType'] = request.alertType;
  }
  if (!Util.isUnset(request.attCk)) {
    body['AttCk'] = request.attCk;
  }
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.eventTransferType)) {
    body['EventTransferType'] = request.eventTransferType;
  }
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.logSource)) {
    body['LogSource'] = request.logSource;
  }
  if (!Util.isUnset(request.order)) {
    body['Order'] = request.order;
  }
  if (!Util.isUnset(request.orderField)) {
    body['OrderField'] = request.orderField;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleName)) {
    body['RuleName'] = request.ruleName;
  }
  if (!Util.isUnset(request.ruleType)) {
    body['RuleType'] = request.ruleType;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  if (!Util.isUnset(request.status)) {
    body['Status'] = request.status;
  }
  if (!Util.isUnset(request.threatLevel)) {
    body['ThreatLevel'] = request.threatLevel;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListCloudSiemPredefinedRules',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries predefined rules.
 *
 * @param request ListCloudSiemPredefinedRulesRequest
 * @return ListCloudSiemPredefinedRulesResponse
 */
async function listCloudSiemPredefinedRules(request: ListCloudSiemPredefinedRulesRequest): ListCloudSiemPredefinedRulesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listCloudSiemPredefinedRulesWithOptions(request, runtime);
}

model ListCustomizeRuleTestResultRequest {
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  id?: long(name='Id', description='The ID of the rule.', example='123456789'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Valid values: 1 to 100.

This parameter is required.', example='10'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model ListCustomizeRuleTestResultResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertDesc?: string(name='AlertDesc', description='The description of the alert.', example='The account you logged in this time is not in the legal account category defined by you. Please confirm the legality of the login behavior.'),
        alertDetail?: string(name='AlertDetail', description='The alert details in the JSON format.', example='{"main_user_id": "165295629792****";"log_uuid_count": "99";"attack_ip": "218.92.XX.XX"}'),
        alertSrcProd?: string(name='AlertSrcProd', description='The source of the alert.', example='sas'),
        alertSrcProdModule?: string(name='AlertSrcProdModule', description='The sub-module of the source.', example='waf'),
        attCk?: string(name='AttCk', description='The tag of the ATT\\\\&CK attack.', example='T1595.002 Vulnerability Scanning'),
        eventName?: string(name='EventName', description='The name of the alert, which corresponds to the name of the custom rule.', example='waf_scan'),
        eventType?: string(name='EventType', description='The threat type, which indicates the alert type.', example='WEBSHELL'),
        level?: string(name='Level', description='The threat level. Valid values:

*   serious: high.
*   suspicious: medium.
*   remind: low.', example='remind'),
        logSource?: string(name='LogSource', description='The log source of the rule.', example='cloud_siem_aegis_sas_alert'),
        logTime?: string(name='LogTime', description='The time when the alert was recorded.', example='2021-01-06 16:37:29'),
        logType?: string(name='LogType', description='The log type of the rule.', example='ALERT_ACTIVITY'),
        mainUserId?: string(name='MainUserId', description='The ID of the Alibaba Cloud account that is associated with the alert in SIEM.', example='127608589417****'),
        onlineStatus?: string(name='OnlineStatus', description='The status of the alert data. Valid values:

*   test: business test data.
*   online: online data.', example='test'),
        subUserId?: string(name='SubUserId', description='The ID of the Alibaba Cloud account within which the alert is generated.', example='176555323***'),
        uuid?: string(name='Uuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model ListCustomizeRuleTestResultResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListCustomizeRuleTestResultResponseBody(name='body'),
}

/**
 * @summary Queries the test results of a custom rule.
 *
 * @param request ListCustomizeRuleTestResultRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListCustomizeRuleTestResultResponse
 */
async function listCustomizeRuleTestResultWithOptions(request: ListCustomizeRuleTestResultRequest, runtime: Util.RuntimeOptions): ListCustomizeRuleTestResultResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListCustomizeRuleTestResult',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the test results of a custom rule.
 *
 * @param request ListCustomizeRuleTestResultRequest
 * @return ListCustomizeRuleTestResultResponse
 */
async function listCustomizeRuleTestResult(request: ListCustomizeRuleTestResultRequest): ListCustomizeRuleTestResultResponse {
  var runtime = new Util.RuntimeOptions{};
  return listCustomizeRuleTestResultWithOptions(request, runtime);
}

model ListDataSourceLogsRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code that is used for multi-cloud environments. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The value is obtained after the threat analysis feature calculates the MD5 hash value of a parameter.

This parameter is required.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model ListDataSourceLogsResponseBody = {
  data?: {
    accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
    cloudCode?: string(name='CloudCode', description='The code that is used for multi-cloud environments. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud', example='hcloud'),
    dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The value is obtained after the threat analysis feature calculates the MD5 hash value of a parameter.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
    dataSourceInstanceLogs?: [ 
      {
        logCode?: string(name='LogCode', description='The code of the log.', example='cloud_siem_waf_xxxxx'),
        logInstanceId?: string(name='LogInstanceId', description='The ID of the log. The value is obtained after the threat analysis feature calculates the MD5 hash value of a parameter.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
        logMdsCode?: string(name='LogMdsCode', description='The display code of the log.', example='${siem.prod.cloud_siem_waf_xxxxx}'),
        logParams?: [ 
          {
            paraCode?: string(name='ParaCode', description='The parameter code of the log.', example='region_code'),
            paraValue?: string(name='ParaValue', description='The parameter value of the log.', example='ap-guangzhou'),
          }
        ](name='LogParams', description='The parameters of the log.'),
        taskStatus?: int32(name='TaskStatus', description='Indicates whether the task for which logs are collected is enabled. Valid values:

*   1: yes
*   0: no', example='1'),
      }
    ](name='DataSourceInstanceLogs', description='The logs of the data source.'),
    dataSourceInstanceName?: string(name='DataSourceInstanceName', description='The name of the data source.', example='waf kafka'),
    dataSourceInstanceRemark?: string(name='DataSourceInstanceRemark', description='The remarks of the data source.', example='waf kafka'),
    subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account.', example='123XXXXXXXX'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListDataSourceLogsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDataSourceLogsResponseBody(name='body'),
}

/**
 * @summary Queries the logs of a data source.
 *
 * @param request ListDataSourceLogsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDataSourceLogsResponse
 */
async function listDataSourceLogsWithOptions(request: ListDataSourceLogsRequest, runtime: Util.RuntimeOptions): ListDataSourceLogsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListDataSourceLogs',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the logs of a data source.
 *
 * @param request ListDataSourceLogsRequest
 * @return ListDataSourceLogsResponse
 */
async function listDataSourceLogs(request: ListDataSourceLogsRequest): ListDataSourceLogsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listDataSourceLogsWithOptions(request, runtime);
}

model ListDataSourceTypesRequest {
  cloudCode?: string(name='CloudCode', description='The code of the third-party cloud service.

Valid values:

*   qcloud
*   hcloud

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model ListDataSourceTypesResponseBody = {
  data?: [ 
    {
      cloudCode?: string(name='CloudCode', description='The code of the third-party cloud service.', example='hcloud'),
      dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   obs: Huawei Cloud Object Storage Service (OBS)
*   wafApi: download API of Tencent Cloud Web Application Firewall (WAF)
*   ckafka: Tencent Cloud Kafka (CKafka)', example='obs'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListDataSourceTypesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDataSourceTypesResponseBody(name='body'),
}

/**
 * @summary Queries a list of data source types in third-party cloud services that can be added to the threat analysis feature.
 *
 * @param request ListDataSourceTypesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDataSourceTypesResponse
 */
async function listDataSourceTypesWithOptions(request: ListDataSourceTypesRequest, runtime: Util.RuntimeOptions): ListDataSourceTypesResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListDataSourceTypes',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of data source types in third-party cloud services that can be added to the threat analysis feature.
 *
 * @param request ListDataSourceTypesRequest
 * @return ListDataSourceTypesResponse
 */
async function listDataSourceTypes(request: ListDataSourceTypesRequest): ListDataSourceTypesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listDataSourceTypesWithOptions(request, runtime);
}

model ListDeliveryRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model ListDeliveryResponseBody = {
  data?: {
    dashboardUrl?: string(name='DashboardUrl', description='The URL that is displayed in charts.', example='https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai
/dashboard/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true'),
    displaySwitchOrNot?: boolean(name='DisplaySwitchOrNot', description='Indicates whether the log delivery switch is displayed. Default value: true. Valid values:

*   true
*   false', example='true'),
    logStoreName?: string(name='LogStoreName', description='The name of the Logstore for the threat analysis feature on the user side. The value is in the cloud_siem format.', example='cloud-siem'),
    productList?: [ 
      {
        logList?: [ 
          {
            canOperateOrNot?: boolean(name='CanOperateOrNot', description='Indicates whether the log delivery feature can be enabled or disabled. The feature can be enabled or disabled only by the administrator of the threat analysis feature. Valid values:

*   true
*   false', example='true'),
            extraParameters?: [ 
              {
                key?: string(name='Key', description='The ID of the extended parameter.', example='flag'),
                value?: string(name='Value', description='The value of the extended parameter.', example='value'),
              }
            ](name='ExtraParameters', description='The extended parameter.'),
            logCode?: string(name='LogCode', description='The code of the log.', example='cloud_siem_config_log'),
            logName?: string(name='LogName', description='This parameter is deprecated.', example='audit log'),
            logNameEn?: string(name='LogNameEn', description='This parameter is deprecated.', example='audit log'),
            logNameKey?: string(name='LogNameKey', description='The language code of the log that is used to indicate the language in which the log is displayed.', example='${sas.cloudsiem.prod.cloud_siem_aegis_crack_from_beaver}'),
            status?: boolean(name='Status', description='The status of the log delivery. Valid values:

*   true: The logs are being delivered.
*   false: The log delivery feature is disabled.', example='true'),
            topic?: string(name='Topic', description='The topic of the log in the Logstore. The value is an index field in the Logstore that can be used to distinguish different logs.', example='sas_login_event'),
          }
        ](name='LogList', description='The logs of the cloud services.'),
        logMap?: map[string][ DataProductListLogMapValue         ](name='LogMap', description='The log group. For example, in Security Center, the logs of hosts and networks are stored in different groups. Key indicates the group information, and value indicates the logs in the group.'),
        productCode?: string(name='ProductCode', description='The code of the cloud service. Valid values:

*   qcloud_waf
*   qlcoud_cfw
*   hcloud_waf
*   hcloud_cfw
*   ddos
*   sas
*   cfw
*   config
*   csk
*   fc
*   rds
*   nas
*   apigateway
*   cdn
*   mongodb
*   eip
*   slb
*   vpc
*   actiontrail
*   waf
*   bastionhost
*   oss
*   polardb', example='sas'),
        productName?: string(name='ProductName', description='This parameter is deprecated.', example='Security Center'),
      }
    ](name='ProductList', description='The cloud services.'),
    projectName?: string(name='ProjectName', description='The name of the project for the threat analysis feature in Simple Log service on the user side. The value is in the aliyun-cloudsiem-data-${aliUid}-${region} format.', example='aliyun-cloudsiem-data-127608589417****-cn-shanghai'),
    searchUrl?: string(name='SearchUrl', description='The URL that is used for log analysis.', example='https://sls4service.console.aliyun.com/lognext/project/aliyun-cloudsiem-data-127608589417****-cn-shanghai
/logsearch/cloud-siem?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true'),
  }(name='Data', description='The response parameters.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-58D4-55B2-87B9-74D413F7****'),
}

model ListDeliveryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDeliveryResponseBody(name='body'),
}

/**
 * @summary Queries the information about the cloud services that are integrated with the threat analysis feature, the logs of the cloud services, and the delivery of the logs.
 *
 * @param request ListDeliveryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDeliveryResponse
 */
async function listDeliveryWithOptions(request: ListDeliveryRequest, runtime: Util.RuntimeOptions): ListDeliveryResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListDelivery',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the information about the cloud services that are integrated with the threat analysis feature, the logs of the cloud services, and the delivery of the logs.
 *
 * @param request ListDeliveryRequest
 * @return ListDeliveryResponse
 */
async function listDelivery(request: ListDeliveryRequest): ListDeliveryResponse {
  var runtime = new Util.RuntimeOptions{};
  return listDeliveryWithOptions(request, runtime);
}

model ListDisposeStrategyRequest {
  currentPage?: int32(name='CurrentPage', description='The page number. Pages start from page 1.

This parameter is required.', example='1'),
  effectiveStatus?: int32(name='EffectiveStatus', description='The status of the policy. Valid values:

*   0: invalid
*   1: valid', example='0'),
  endTime?: long(name='EndTime', description='The end of the time range to query. Unit: milliseconds.

This parameter is required.', example='1577808000000'),
  entityIdentity?: string(name='EntityIdentity', description='The feature value of the entity. Fuzzy match is supported.', example='test22.php'),
  entityType?: string(name='EntityType', description='The entity type of the playbook. Valid values:

*   ip
*   process
*   file', example='ip'),
  order?: string(name='Order', description='The sort order. Valid values:

*   desc: descending order.
*   asc: ascending order.', example='desc'),
  orderField?: string(name='OrderField', description='The sort field. Valid values:

*   GmtModified: sorts the policies by update time.
*   GmtCreate: sorts the policies by creation time.
*   FinishTime: sorts the policies by end time.', example='GmtModified'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Maximum value: 100.

This parameter is required.', example='10'),
  playbookName?: string(name='PlaybookName', description='The name of the playbook, which is the unique identifier of the playbook.', example='WafBlockIP'),
  playbookTypes?: string(name='PlaybookTypes', description='The type of the playbook. Valid values:

*   system: user-triggered playbook
*   custom: event-triggered playbook
*   custom_alert: alert-triggered playbook
*   soar-manual: user-run playbook
*   soar-mdr: MDR-run playbook', example='system'),
  playbookUuid?: string(name='PlaybookUuid', description='The UUID of the playbook.', example='system_aliyun_clb_process_book'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  sophonTaskId?: string(name='SophonTaskId', description='The ID of the SOAR handling policy.', example='a50a49b7-6044-4593-ab15-2b46567caadd'),
  startTime?: long(name='StartTime', description='The beginning of the time range to query. Unit: milliseconds.

This parameter is required.', example='1577808000000'),
}

model ListDisposeStrategyResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    pageInfo?: {
      currentPage?: int32(name='CurrentPage', description='The current page number.', example='1'),
      pageSize?: int32(name='PageSize', description='The number of entries per page.', example='10'),
      totalCount?: long(name='TotalCount', description='The total number of entries returned.', example='100'),
    }(name='PageInfo', description='The pagination information.'),
    responseData?: [ 
      {
        alertUuid?: string(name='AlertUuid', description='The UUID of the alert.', example='sas_71e24437d2797ce8fc59692905a4****'),
        aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account that is associated with the policy in SIEM.', example='127608589417****'),
        effectiveStatus?: int32(name='EffectiveStatus', description='The status of the policy. Valid values:

*   0: invalid
*   1: valid', example='0'),
        entity?: [ any ](name='Entity', description='The details of the entity. The value is a JSON array.', example='[{"ip":"1.1.1.1"}]'),
        entityId?: long(name='EntityId', description='The ID of the entity.', example='123456789'),
        entityType?: string(name='EntityType', description='The type of the entity. Valid values:

*   ip
*   process
*   file', example='ip'),
        errorMessage?: string(name='ErrorMessage', description='The summary information about the failed task.', example='DisposalEntity failed which description is Aegis Quarantine File , return_info failed which description is Check Aegis Process Result , [ERROR DETAIL] *******.php:file not found'),
        finishTime?: string(name='FinishTime', description='The end time of the task.', example='2021-08-10 21:34:07'),
        gmtCreate?: string(name='GmtCreate', description='The creation time.', example='2021-01-06 16:37:29'),
        gmtModified?: string(name='GmtModified', description='The update time.', example='2021-01-06 16:37:29'),
        id?: long(name='Id', description='The ID of the policy.', example='123'),
        incidentName?: string(name='IncidentName', description='The name of the event.', example='Multiple type of alerts, including Miner Network, Command line download and run malicious files, Backdoor Process, etc'),
        incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
        playbookName?: string(name='PlaybookName', description='The name of the playbook, which is the unique identifier of the playbook.', example='WafBlockIP'),
        playbookType?: string(name='PlaybookType', description='The type of the playbook. Valid values:

*   system: user-triggered playbook
*   custom: event-triggered playbook
*   custom_alert: alert-triggered playbook
*   soar-manual: user-run playbook
*   soar-mdr: MDR-run playbook', example='system'),
        playbookUuid?: string(name='PlaybookUuid', description='The UUID of the playbook.', example='system_aliyun_clb_process_book'),
        scope?: [ any ](name='Scope', description='The scope of the policy.', example='[{ aliUid: 1766185894104675 }]'),
        sophonTaskId?: string(name='SophonTaskId', description='The ID of the SOAR handling policy.', example='577bbf90-a770-44a7-8154-586aa2d318fa'),
        status?: int32(name='Status', description='The running status of the playbook. Valid values:

*   200: successful
*   10: deleted
*   5: failed
*   0: initial', example='10'),
        subAliuid?: long(name='SubAliuid', description='The ID of the Alibaba account that is used to configure the policy.', example='176555323***'),
        taskParam?: string(name='TaskParam', description='The parameters that are used to trigger the playbook. The value is in the JSON format.', example='{
      "file": {
            "op_code": "2",
            "file_path": "/root/alert0913/a886.jsp",
            "entity_type": "file",
            "entity_name": "a886.jsp",
            "file_name": "a886.jsp",
            "file_owner": "USER:,GROUP:",
            "hash_value": "5def10c9a4287d0920d86b42420b20b0",
            "op_level": "2",
            "entity_id": "/root/alert0913/a886.jsp",
            "host_uuid": {
                  "entity_type": "host",
                  "entity_name": "N/A",
                  "is_comprised": "1",
                  "os_type": "linux",
                  "entity_id": "5f58ef67-8803-4314-8d67-c87dc92b****",
                  "host_uuid": "5f58ef67-8803-4314-8d67-c87dc92b****",
                  "host_name": "N/A"
            },
            "malware_type": "${aliyun.siem.sas.alert_tag.webshell}"
      },
      "_sys_siem": {
            "cloudCode": "aliyun",
            "alertId": "89416745494****"
      },
      "scope": [
            {
                  "aliUid": 1766185894104****
            }
      ]
}'),
      }
    ](name='ResponseData', description='The detailed data.'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model ListDisposeStrategyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDisposeStrategyResponseBody(name='body'),
}

/**
 * @summary Queries handling policies.
 *
 * @param request ListDisposeStrategyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDisposeStrategyResponse
 */
async function listDisposeStrategyWithOptions(request: ListDisposeStrategyRequest, runtime: Util.RuntimeOptions): ListDisposeStrategyResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.currentPage)) {
    body['CurrentPage'] = request.currentPage;
  }
  if (!Util.isUnset(request.effectiveStatus)) {
    body['EffectiveStatus'] = request.effectiveStatus;
  }
  if (!Util.isUnset(request.endTime)) {
    body['EndTime'] = request.endTime;
  }
  if (!Util.isUnset(request.entityIdentity)) {
    body['EntityIdentity'] = request.entityIdentity;
  }
  if (!Util.isUnset(request.entityType)) {
    body['EntityType'] = request.entityType;
  }
  if (!Util.isUnset(request.order)) {
    body['Order'] = request.order;
  }
  if (!Util.isUnset(request.orderField)) {
    body['OrderField'] = request.orderField;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.playbookName)) {
    body['PlaybookName'] = request.playbookName;
  }
  if (!Util.isUnset(request.playbookTypes)) {
    body['PlaybookTypes'] = request.playbookTypes;
  }
  if (!Util.isUnset(request.playbookUuid)) {
    body['PlaybookUuid'] = request.playbookUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.sophonTaskId)) {
    body['SophonTaskId'] = request.sophonTaskId;
  }
  if (!Util.isUnset(request.startTime)) {
    body['StartTime'] = request.startTime;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListDisposeStrategy',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries handling policies.
 *
 * @param request ListDisposeStrategyRequest
 * @return ListDisposeStrategyResponse
 */
async function listDisposeStrategy(request: ListDisposeStrategyRequest): ListDisposeStrategyResponse {
  var runtime = new Util.RuntimeOptions{};
  return listDisposeStrategyWithOptions(request, runtime);
}

model ListImportedLogsByProdRequest {
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud.
*   aliyun: Alibaba Cloud.
*   hcloud: Huawei Cloud.

This parameter is required.', example='hcloud'),
  prodCode?: string(name='ProdCode', description='The code of the cloud service.

This parameter is required.', example='qcloud_waf'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model ListImportedLogsByProdResponseBody = {
  data?: [ 
    {
      autoImported?: int32(name='AutoImported', description='Indicates whether the log is automatically added to the threat analysis feature within newly added accounts. Valid values:

*   1: yes.
*   0: no.', example='2023-11-23 12:30:00'),
      cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud.
*   aliyun: Alibaba Cloud.
*   hcloud: Huawei Cloud.', example='hcloud'),
      imported?: int32(name='Imported', description='Indicates whether the log is added to the threat analysis feature. Valid values:

*   1: yes.
*   0: no.', example='2023-11-23 12:30:00'),
      importedUserCount?: int32(name='ImportedUserCount', description='The number of users who have added the log.', example='2'),
      logCode?: string(name='LogCode', description='The code of the log.', example='cloud_siem_waf_xxxxx'),
      logMdsCode?: string(name='LogMdsCode', description='The display code of the log.', example='${siem.prod. cloud_siem_waf_xxxxx}'),
      logType?: int32(name='LogType', description='The type of log. Valid values:
 - 1: the log produced by other product
 - 2: the predefined log
 - 3: the custom log', example='1'),
      modifyTime?: string(name='ModifyTime', description='The time when the log was last added.', example='2023-11-23 12:30:00'),
      prodCode?: string(name='ProdCode', description='The code of the cloud service to which the log belongs.', example='qcloud_waf'),
      totalUserCount?: int32(name='TotalUserCount', description='The total number of users who have the log.', example='5'),
      unImportedUserCount?: int32(name='UnImportedUserCount', description='The number of users who have not added the log.', example='3'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListImportedLogsByProdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListImportedLogsByProdResponseBody(name='body'),
}

/**
 * @summary Queries the details of the logs in a cloud service that is added to the threat analysis feature.
 *
 * @param request ListImportedLogsByProdRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListImportedLogsByProdResponse
 */
async function listImportedLogsByProdWithOptions(request: ListImportedLogsByProdRequest, runtime: Util.RuntimeOptions): ListImportedLogsByProdResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.prodCode)) {
    body['ProdCode'] = request.prodCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListImportedLogsByProd',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the details of the logs in a cloud service that is added to the threat analysis feature.
 *
 * @param request ListImportedLogsByProdRequest
 * @return ListImportedLogsByProdResponse
 */
async function listImportedLogsByProd(request: ListImportedLogsByProdRequest): ListImportedLogsByProdResponse {
  var runtime = new Util.RuntimeOptions{};
  return listImportedLogsByProdWithOptions(request, runtime);
}

model ListOperationRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
}

model ListOperationResponseBody = {
  data?: {
    adminOrNot?: boolean(name='AdminOrNot', description='Indicates whether the user is an administrator. Valid values:

*   true
*   false', example='true'),
    operationList?: [ string ](name='OperationList', description='The resources on which the permissions are granted.'),
  }(name='Data', description='The response parameters.'),
  requestId?: string(name='RequestId', description='The request ID.', example='CCEEE128-6607-503E-AAA6-C5E57D94****'),
}

model ListOperationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOperationResponseBody(name='body'),
}

/**
 * @summary Queries the resource-related permissions granted to the current user. The threat analysis feature supports two types of identities: administrators and common members. An administrator is granted all permissions, and a common member is granted permissions to access only specific resources.
 *
 * @param request ListOperationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOperationResponse
 */
async function listOperationWithOptions(request: ListOperationRequest, runtime: Util.RuntimeOptions): ListOperationResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListOperation',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the resource-related permissions granted to the current user. The threat analysis feature supports two types of identities: administrators and common members. An administrator is granted all permissions, and a common member is granted permissions to access only specific resources.
 *
 * @param request ListOperationRequest
 * @return ListOperationResponse
 */
async function listOperation(request: ListOperationRequest): ListOperationResponse {
  var runtime = new Util.RuntimeOptions{};
  return listOperationWithOptions(request, runtime);
}

model ListProjectLogStoresRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  sourceLogCode?: string(name='SourceLogCode', description='The log code.

This parameter is required.', example='cloud_siem_aegis_proc'),
  sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.

This parameter is required.', example='sas'),
  subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account.

This parameter is required.', example='123XXXXXXXX'),
}

model ListProjectLogStoresResponseBody = {
  data?: [ 
    {
      endPoint?: string(name='EndPoint', description='The endpoint of the Simple Log Service project.', example='cn-hangzhou.log.aliyuncs.com'),
      localName?: string(name='LocalName', description='The name of the region in which the Simple Log Service project resides.', example='hangzhou'),
      logStore?: string(name='LogStore', description='The name of the Simple Log Service Logstore.', example='cloud-siem-logstore'),
      mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXXXXX'),
      project?: string(name='Project', description='The name of the Simple Log Service project.', example='cloud-siem-project'),
      regionId?: string(name='RegionId', description='The ID of the region in which the Simple Log Service project resides.', example='cn-hangzhou'),
      subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='123XXXXXXXX'),
      subUserName?: string(name='SubUserName', description='The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='sas_account_xxxx'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListProjectLogStoresResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListProjectLogStoresResponseBody(name='body'),
}

/**
 * @summary Queries the dedicated Simple Log Service project and Logstore for a cloud service based on the patterns of the project and Logstore names.
 *
 * @param request ListProjectLogStoresRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListProjectLogStoresResponse
 */
async function listProjectLogStoresWithOptions(request: ListProjectLogStoresRequest, runtime: Util.RuntimeOptions): ListProjectLogStoresResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.sourceLogCode)) {
    body['SourceLogCode'] = request.sourceLogCode;
  }
  if (!Util.isUnset(request.sourceProdCode)) {
    body['SourceProdCode'] = request.sourceProdCode;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListProjectLogStores',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the dedicated Simple Log Service project and Logstore for a cloud service based on the patterns of the project and Logstore names.
 *
 * @param request ListProjectLogStoresRequest
 * @return ListProjectLogStoresResponse
 */
async function listProjectLogStores(request: ListProjectLogStoresRequest): ListProjectLogStoresResponse {
  var runtime = new Util.RuntimeOptions{};
  return listProjectLogStoresWithOptions(request, runtime);
}

model ListQuickQueryRequest {
  offset?: int32(name='Offset', description='The line from which the query starts. Default value: 0.', example='0'),
  pageSize?: int32(name='PageSize', description='The number of entries per page. Valid values: 1 to 500.

This parameter is required.', example='50'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
}

model ListQuickQueryResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of saved searches per page.', example='10'),
    quickQueryList?: [ 
      {
        displayName?: string(name='DisplayName', description='The alias of the saved search.', example='no_1_created_search_used_for_dispaly_ip'),
        query?: string(name='Query', description='The query statement corresponding to the saved search.', example='* and SamplerAddress:\\\\"172.18.1.1\\\\" and OutIf:\\\\"105\\\\"'),
        searchName?: string(name='SearchName', description='The name of the saved search.', example='data_analysis'),
      }
    ](name='QuickQueryList', description='The saved search.'),
    total?: int32(name='Total', description='The total number of saved searches that meet the query conditions.', example='101'),
  }(name='Data', description='The response parameters.'),
  requestId?: string(name='RequestId', description='The request ID.', example='F375A043-4F5B-55F2-A564-CC47FFC6****'),
}

model ListQuickQueryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListQuickQueryResponseBody(name='body'),
}

/**
 * @summary Queries the saved searches of the Logstore.
 *
 * @param request ListQuickQueryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListQuickQueryResponse
 */
async function listQuickQueryWithOptions(request: ListQuickQueryRequest, runtime: Util.RuntimeOptions): ListQuickQueryResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.offset)) {
    body['Offset'] = request.offset;
  }
  if (!Util.isUnset(request.pageSize)) {
    body['PageSize'] = request.pageSize;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListQuickQuery',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the saved searches of the Logstore.
 *
 * @param request ListQuickQueryRequest
 * @return ListQuickQueryResponse
 */
async function listQuickQuery(request: ListQuickQueryRequest): ListQuickQueryResponse {
  var runtime = new Util.RuntimeOptions{};
  return listQuickQueryWithOptions(request, runtime);
}

model ListRdUsersRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model ListRdUsersResponseBody = {
  data?: [ 
    {
      delegatedOrNot?: boolean(name='DelegatedOrNot', description='Indicates whether the account can be used to view the logs and alerts within the account.', example='true'),
      joined?: boolean(name='Joined', description='Indicates whether the account is added to the threat analysis feature for centralized management. Valid values:

*   true
*   false', example='true'),
      joinedTime?: string(name='JoinedTime', description='The time when the account was added to the threat analysis feature.', example='2013-10-01 00:00:00'),
      mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXXXXX'),
      subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account that is used to perform operations supported by the threat analysis feature.', example='123XXXXXXXX'),
      subUserName?: string(name='SubUserName', description='The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='sas_account_xxx'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListRdUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListRdUsersResponseBody(name='body'),
}

/**
 * @summary Queries a list of Alibaba Cloud accounts that are added to the threat analysis feature for centralized management. These accounts can be used to perform operations supported by the threat analysis feature, such as adding logs and handling events.
 *
 * @param request ListRdUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListRdUsersResponse
 */
async function listRdUsersWithOptions(request: ListRdUsersRequest, runtime: Util.RuntimeOptions): ListRdUsersResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListRdUsers',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of Alibaba Cloud accounts that are added to the threat analysis feature for centralized management. These accounts can be used to perform operations supported by the threat analysis feature, such as adding logs and handling events.
 *
 * @param request ListRdUsersRequest
 * @return ListRdUsersResponse
 */
async function listRdUsers(request: ListRdUsersRequest): ListRdUsersResponse {
  var runtime = new Util.RuntimeOptions{};
  return listRdUsersWithOptions(request, runtime);
}

model ListUserProdLogsRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='管理员切换成其他成员视角的用户ID。', example='113091674488****'),
  roleType?: int32(name='RoleType', description='视图类型。

- 0：当前阿里云账号视图。
- 1：企业下所有账号的视图。', example='1'),
  sourceLogCode?: string(name='SourceLogCode', description='The log code.

This parameter is required.', example='cloud_siem_aegis_proc'),
  sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.

This parameter is required.', example='sas'),
}

model ListUserProdLogsResponseBody = {
  data?: [ 
    {
      displayLine?: string(name='DisplayLine', description='The display details of the Logstore.', example='cn-shanghai.siem-project.siem-logstore'),
      displayed?: boolean(name='Displayed', description='Indicates whether the details of the added log are returned. Valid values:

*   true
*   false', example='true'),
      imported?: boolean(name='Imported', description='Indicates whether the log is added to the threat analysis feature. Valid values:

*   true
*   false', example='true'),
      isDeleted?: int32(name='IsDeleted', description='Indicates whether the log is added to the threat analysis feature. Valid values:

*   0: yes
*   1: no', example='0'),
      mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXXXXX'),
      sourceLogCode?: string(name='SourceLogCode', description='The log code.', example='cloud_siem_aegis_proc'),
      sourceLogInfo?: string(name='SourceLogInfo', description='The details of the Logstore. The value is a JSON string.', example='{"project":"wafnew-project-1335759343513432-cn-hangzhou","logStore":"wafnew-logstore","regionCode":"cn-hangzhou","prodCode":"waf"}'),
      sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.', example='sas'),
      subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='123XXXXXXXX'),
      subUserName?: string(name='SubUserName', description='The username of the Alibaba Cloud account that can be used to perform operations supported by the threat analysis feature.', example='sas_account_xxx'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListUserProdLogsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUserProdLogsResponseBody(name='body'),
}

/**
 * @summary Queries a list of logs that are added to the threat analysis feature by cloud service.
 *
 * @param request ListUserProdLogsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUserProdLogsResponse
 */
async function listUserProdLogsWithOptions(request: ListUserProdLogsRequest, runtime: Util.RuntimeOptions): ListUserProdLogsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.sourceLogCode)) {
    body['SourceLogCode'] = request.sourceLogCode;
  }
  if (!Util.isUnset(request.sourceProdCode)) {
    body['SourceProdCode'] = request.sourceProdCode;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListUserProdLogs',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a list of logs that are added to the threat analysis feature by cloud service.
 *
 * @param request ListUserProdLogsRequest
 * @return ListUserProdLogsResponse
 */
async function listUserProdLogs(request: ListUserProdLogsRequest): ListUserProdLogsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUserProdLogsWithOptions(request, runtime);
}

model ListUsersByProdRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', example='113091674488****'),
  roleType?: int32(name='RoleType', example='1'),
  sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.

This parameter is required.', example='sas'),
}

model ListUsersByProdResponseBody = {
  data?: [ 
    {
      cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud.
*   aliyun: Alibaba Cloud.
*   hcloud: Huawei Cloud.', example='hcloud'),
      imported?: boolean(name='Imported', description='Indicates whether the log is added to the threat analysis feature.', example='true'),
      logMdsCode?: string(name='LogMdsCode', description='The display log code. The value varies based on your console settings.', example='${siem.xxx.xxxxxxxxx}'),
      mainUserId?: long(name='MainUserId', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='123XXXXXXXXX'),
      sourceLogCode?: string(name='SourceLogCode', description='The log code.', example='cloud_siem_aegis_proc'),
      sourceLogName?: string(name='SourceLogName', description='The log name.', example='the process startup log'),
      sourceProdCode?: string(name='SourceProdCode', description='The code of the cloud service.', example='sas'),
      subUserId?: long(name='SubUserId', description='The ID of the Alibaba Cloud account for threat analysis.', example='123XXXXXXXX'),
      subUserName?: string(name='SubUserName', description='The display name of the Alibaba Cloud account for threat analysis.', example='sas_account_xxx'),
    }
  ](name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ListUsersByProdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersByProdResponseBody(name='body'),
}

/**
 * @summary Queries the details of the logs that are added to the threat analysis feature by cloud service.
 *
 * @param request ListUsersByProdRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersByProdResponse
 */
async function listUsersByProdWithOptions(request: ListUsersByProdRequest, runtime: Util.RuntimeOptions): ListUsersByProdResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.sourceProdCode)) {
    body['SourceProdCode'] = request.sourceProdCode;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ListUsersByProd',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the details of the logs that are added to the threat analysis feature by cloud service.
 *
 * @param request ListUsersByProdRequest
 * @return ListUsersByProdResponse
 */
async function listUsersByProd(request: ListUsersByProdRequest): ListUsersByProdResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUsersByProdWithOptions(request, runtime);
}

model ModifyBindAccountRequest {
  accessId?: string(name='AccessId', description='The AccessKey ID of the cloud account.', example='ABCXXXXXXXXX'),
  accountId?: string(name='AccountId', description='The ID of the cloud account.

This parameter is required.', example='123xxxxxxx'),
  accountName?: string(name='AccountName', description='The username of the cloud account.', example='sas_account_xxx'),
  bindId?: long(name='BindId', description='The ID that is generated by the system when the account is added. You can call the ListBindAccount operation to query the ID.

This parameter is required.', example='123'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider.

This parameter is required.', example='hcloud'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor'),
  roleType?: int32(name='RoleType'),
}

model ModifyBindAccountResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of the accounts that are modified. The value 1 indicates that the modification is successful, and a value less than or equal to 0 indicates that the modification failed.', example='1'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ModifyBindAccountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ModifyBindAccountResponseBody(name='body'),
}

/**
 * @summary Modifies a third-party cloud account that is added to the threat analysis feature.
 *
 * @param request ModifyBindAccountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ModifyBindAccountResponse
 */
async function modifyBindAccountWithOptions(request: ModifyBindAccountRequest, runtime: Util.RuntimeOptions): ModifyBindAccountResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accessId)) {
    body['AccessId'] = request.accessId;
  }
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.accountName)) {
    body['AccountName'] = request.accountName;
  }
  if (!Util.isUnset(request.bindId)) {
    body['BindId'] = request.bindId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ModifyBindAccount',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies a third-party cloud account that is added to the threat analysis feature.
 *
 * @param request ModifyBindAccountRequest
 * @return ModifyBindAccountResponse
 */
async function modifyBindAccount(request: ModifyBindAccountRequest): ModifyBindAccountResponse {
  var runtime = new Util.RuntimeOptions{};
  return modifyBindAccountWithOptions(request, runtime);
}

model ModifyDataSourceRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [DescribeDataSourceInstance](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CDescribeDataSourceInstance) operation to query the IDs of data sources.

This parameter is required.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  dataSourceInstanceName?: string(name='DataSourceInstanceName', description='The name of the data source.', example='beijing_waf_kafka'),
  dataSourceInstanceParams?: string(name='DataSourceInstanceParams', description='The parameters of the data source in the JSON string format.', example='[{"paraCode":"region_code","paraValue":"ap-guangzhou"}]'),
  dataSourceInstanceRemark?: string(name='DataSourceInstanceRemark', description='The remarks on the data source.', example='waf_alert_log'),
  dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   ckafka: Tencent Cloud Kafka (CKafka)
*   obs: Huawei Cloud Object Storage Service (OBS)
*   wafApi: download API of Tencent Cloud Web Application Firewall (WAF)

This parameter is required.', example='obs'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model ModifyDataSourceResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of data sources that are modified. The value 1 indicates that the modification is successful, and a value less than or equal to 0 indicates that the modification failed.', example='1'),
    dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ModifyDataSourceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ModifyDataSourceResponseBody(name='body'),
}

/**
 * @summary Modifies a data source that is added to the threat analysis feature.
 *
 * @param request ModifyDataSourceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ModifyDataSourceResponse
 */
async function modifyDataSourceWithOptions(request: ModifyDataSourceRequest, runtime: Util.RuntimeOptions): ModifyDataSourceResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.dataSourceInstanceName)) {
    body['DataSourceInstanceName'] = request.dataSourceInstanceName;
  }
  if (!Util.isUnset(request.dataSourceInstanceParams)) {
    body['DataSourceInstanceParams'] = request.dataSourceInstanceParams;
  }
  if (!Util.isUnset(request.dataSourceInstanceRemark)) {
    body['DataSourceInstanceRemark'] = request.dataSourceInstanceRemark;
  }
  if (!Util.isUnset(request.dataSourceType)) {
    body['DataSourceType'] = request.dataSourceType;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ModifyDataSource',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies a data source that is added to the threat analysis feature.
 *
 * @param request ModifyDataSourceRequest
 * @return ModifyDataSourceResponse
 */
async function modifyDataSource(request: ModifyDataSourceRequest): ModifyDataSourceResponse {
  var runtime = new Util.RuntimeOptions{};
  return modifyDataSourceWithOptions(request, runtime);
}

model ModifyDataSourceLogRequest {
  accountId?: string(name='AccountId', description='The ID of the cloud account.', example='123xxxxxxx'),
  cloudCode?: string(name='CloudCode', description='The code of the cloud service provider. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  dataSourceInstanceId?: string(name='DataSourceInstanceId', description='The ID of the data source. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [DescribeDataSourceInstance](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CDescribeDataSourceInstance) operation to query the IDs of data sources.

This parameter is required.', example='ef33097c9d1fdb0b9c7e8c7ca320pkl1'),
  dataSourceInstanceLogs?: string(name='DataSourceInstanceLogs', description='The parameters of the data source. Set this parameter to a JSON string.

This parameter is required.', example='[{"LogCode":"cloud_siem_qcloud_waf_alert_log","LogParas":"[{\\\\"ParaCode\\\\":\\\\"api_name\\\\",\\\\"ParaValue\\\\":\\\\"GetAttackDownloadRecords\\\\"}]"}]'),
  dataSourceType?: string(name='DataSourceType', description='The type of the data source. Valid values:

*   obs: Huawei Cloud Object Storage Service (OBS)
*   wafApi: download API of Tencent Cloud Web Application Firewall (WAF)
*   ckafka: Tencent Cloud Kafka (CKafka)', example='obs'),
  logCode?: string(name='LogCode', description='The log code.', example='cloud_siem_waf_xxxxx'),
  logInstanceId?: string(name='LogInstanceId', description='The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters. You can call the [ListDataSourceLogs](https://api.aliyun-inc.com/#/publishment/document/cloud-siem/863fdf54478f4cc5877e27c2a5fe9e44?tenantUuid=f382fccd88b94c5c8c864def6815b854\\\\&activeTabKey=api%7CListDataSourceLogs) to query log IDs.

This parameter is required.', example='ef33097c9d1fdb0b9c7e8c7ca320pkl1'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model ModifyDataSourceLogResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of logs that are modified. The value 1 indicates that the modification is successful, and a value less than or equal to 0 indicates that the modification failed.', example='1'),
    logInstanceId?: string(name='LogInstanceId', description='The ID of the log. The ID is an MD5 hash value that is calculated by the threat analysis feature based on specific parameters.', example='220ba97c9d1fdb0b9c7e8c7ca328d7ea'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model ModifyDataSourceLogResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ModifyDataSourceLogResponseBody(name='body'),
}

/**
 * @summary Modifies the description of the logs that are added to the threat analysis feature for a data source within a cloud account.
 *
 * @param request ModifyDataSourceLogRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ModifyDataSourceLogResponse
 */
async function modifyDataSourceLogWithOptions(request: ModifyDataSourceLogRequest, runtime: Util.RuntimeOptions): ModifyDataSourceLogResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accountId)) {
    body['AccountId'] = request.accountId;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.dataSourceInstanceId)) {
    body['DataSourceInstanceId'] = request.dataSourceInstanceId;
  }
  if (!Util.isUnset(request.dataSourceInstanceLogs)) {
    body['DataSourceInstanceLogs'] = request.dataSourceInstanceLogs;
  }
  if (!Util.isUnset(request.dataSourceType)) {
    body['DataSourceType'] = request.dataSourceType;
  }
  if (!Util.isUnset(request.logCode)) {
    body['LogCode'] = request.logCode;
  }
  if (!Util.isUnset(request.logInstanceId)) {
    body['LogInstanceId'] = request.logInstanceId;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ModifyDataSourceLog',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies the description of the logs that are added to the threat analysis feature for a data source within a cloud account.
 *
 * @param request ModifyDataSourceLogRequest
 * @return ModifyDataSourceLogResponse
 */
async function modifyDataSourceLog(request: ModifyDataSourceLogRequest): ModifyDataSourceLogResponse {
  var runtime = new Util.RuntimeOptions{};
  return modifyDataSourceLogWithOptions(request, runtime);
}

model OpenDeliveryRequest {
  logCode?: string(name='LogCode', description='The log code of the cloud service, such as the code of the process log for Security Center. This parameter is optional. If you leave this parameter empty, operations are performed on all logs of the cloud service.', example='cloud_siem_cfw_flow'),
  productCode?: string(name='ProductCode', description='The code of the cloud service. Valid values:

*   qcloud_waf
*   qlcoud_cfw
*   hcloud_waf
*   hcloud_cfw
*   ddos
*   sas
*   cfw
*   config
*   csk
*   fc
*   rds
*   nas
*   apigateway
*   cdn
*   mongodb
*   eip
*   slb
*   vpc
*   actiontrail
*   waf
*   bastionhost
*   oss
*   polardb

This parameter is required.', example='cfw'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model OpenDeliveryResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the log delivery feature is enabled. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='15FD134E-D69B-51E8-B052-73F97BD8****'),
}

model OpenDeliveryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: OpenDeliveryResponseBody(name='body'),
}

/**
 * @summary Enables the log delivery feature for a cloud service that is integrated with Simple Log Service.
 *
 * @param request OpenDeliveryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return OpenDeliveryResponse
 */
async function openDeliveryWithOptions(request: OpenDeliveryRequest, runtime: Util.RuntimeOptions): OpenDeliveryResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.logCode)) {
    body['LogCode'] = request.logCode;
  }
  if (!Util.isUnset(request.productCode)) {
    body['ProductCode'] = request.productCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'OpenDelivery',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Enables the log delivery feature for a cloud service that is integrated with Simple Log Service.
 *
 * @param request OpenDeliveryRequest
 * @return OpenDeliveryResponse
 */
async function openDelivery(request: OpenDeliveryRequest): OpenDeliveryResponse {
  var runtime = new Util.RuntimeOptions{};
  return openDeliveryWithOptions(request, runtime);
}

model PostAutomateResponseConfigRequest {
  actionConfig?: string(name='ActionConfig', description='The action configuration of the automated response rule. The value is in the JSON format.', example='[
      {
            "actionType": "doPlaybook",
            "playbookName": "WafBlockIP",
            "playbookUuid": "bdad6220-6584-41b2-9704-fc6584568758"
      }
]'),
  actionType?: string(name='ActionType', description='The type of the handling action. Multiple types are separated by commas (,). Valid values:

*   **doPlaybook**: runs the playbook.
*   **changeEventStatus**: changes the event status.
*   **changeThreatLevel**: changes the threat level of the event.', example='doPlaybook,changeEventStatus'),
  autoResponseType?: string(name='AutoResponseType', description='The type of the automated response rule. Valid values:

*   **event**
*   **alert**', example='event'),
  executionCondition?: string(name='ExecutionCondition', description='The trigger condition of the automated response rule. The value is in the JSON format.', example='[{"left":{"value":"alert_name"},"operator":"containsString","right":{"value":"webshell_online"}}]'),
  id?: long(name='Id', description='The rule ID.', example='123'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the regions in which your assets reside. Valid values:

*   **cn-hangzhou**: Your assets reside in regions in China.
*   **ap-southeast-1**: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ruleName?: string(name='RuleName', description='The rule name.', example='cfw kill quara book'),
  subUserId?: long(name='SubUserId', description='The ID of the user who created the rule.', example='17108579417****'),
}

model PostAutomateResponseConfigResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: string(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   **true**
*   **false**', example='true'),
}

model PostAutomateResponseConfigResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostAutomateResponseConfigResponseBody(name='body'),
}

/**
 * @summary Creates or updates an automatic response rule.
 *
 * @param request PostAutomateResponseConfigRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostAutomateResponseConfigResponse
 */
async function postAutomateResponseConfigWithOptions(request: PostAutomateResponseConfigRequest, runtime: Util.RuntimeOptions): PostAutomateResponseConfigResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.actionConfig)) {
    body['ActionConfig'] = request.actionConfig;
  }
  if (!Util.isUnset(request.actionType)) {
    body['ActionType'] = request.actionType;
  }
  if (!Util.isUnset(request.autoResponseType)) {
    body['AutoResponseType'] = request.autoResponseType;
  }
  if (!Util.isUnset(request.executionCondition)) {
    body['ExecutionCondition'] = request.executionCondition;
  }
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleName)) {
    body['RuleName'] = request.ruleName;
  }
  if (!Util.isUnset(request.subUserId)) {
    body['SubUserId'] = request.subUserId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostAutomateResponseConfig',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates or updates an automatic response rule.
 *
 * @param request PostAutomateResponseConfigRequest
 * @return PostAutomateResponseConfigResponse
 */
async function postAutomateResponseConfig(request: PostAutomateResponseConfigRequest): PostAutomateResponseConfigResponse {
  var runtime = new Util.RuntimeOptions{};
  return postAutomateResponseConfigWithOptions(request, runtime);
}

model PostCustomizeRuleRequest {
  alertType?: string(name='AlertType', description='The risk type.', example='WEBSHELL'),
  alertTypeMds?: string(name='AlertTypeMds', description='The internal code of the risk type.', example='${siem_rule_type_process_abnormal_command}'),
  attCk?: string(name='AttCk', description='att&ck.', example='T1595.002 Vulnerability Scanning'),
  eventTransferExt?: string(name='EventTransferExt', description='The extended information about event generation. If eventTransferType is set to allToSingle, the value of this parameter indicates the length and unit of the alert aggregation window.', example='{"time":"1","unit":"MINUTE"}'),
  eventTransferSwitch?: int32(name='EventTransferSwitch', description='Specifies whether to convert an alert to an event. Valid values:

*   0: no
*   1: yes', example='1'),
  eventTransferType?: string(name='EventTransferType', description='The event generation method. Valid values:

*   default: The default method is used.
*   singleToSingle: The system generates an event for each alert.
*   allToSingle: The system generates an event for alerts within a period of time.', example='allToSingle'),
  id?: long(name='Id', description='The ID of the rule.', example='123456789'),
  logSource?: string(name='LogSource', description='The log source of the rule.', example='cloud_siem_aegis_sas_alert'),
  logSourceMds?: string(name='LogSourceMds', description='The internal code of the log source.', example='${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}'),
  logType?: string(name='LogType', description='The log type of the rule.', example='ALERT_ACTIVITY'),
  logTypeMds?: string(name='LogTypeMds', description='The internal code of the log type.', example='${security_event_config.event_name.webshellName_clientav}'),
  queryCycle?: string(name='QueryCycle', description='The window length of the rule.', example='{"time":"1","unit":"HOUR"}'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ruleCondition?: string(name='RuleCondition', description='The query condition of the rule. The value is in the JSON format.', example='[[{"not":false,"left":"alert_name","operator":"=","right":"WEBSHELL"}]]'),
  ruleDesc?: string(name='RuleDesc', description='The description of the rule.', example='this rule is for waf scan'),
  ruleGroup?: string(name='RuleGroup', description='The log aggregation field of the rule. The value is a JSON string.', example='["asset_id"]'),
  ruleName?: string(name='RuleName', description='The name of the rule.', example='waf_scan'),
  ruleThreshold?: string(name='RuleThreshold', description='The threshold configuration of the rule. The value is in the JSON format.', example='{"aggregateFunction":"count","aggregateFunctionName":"count","field":"activity_name","operator":"&lt;=","value":1}'),
  threatLevel?: string(name='ThreatLevel', description='The risk level. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='remind'),
}

model PostCustomizeRuleResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: {
    alertType?: string(name='AlertType', description='The risk type.', example='WEBSHELL'),
    alertTypeMds?: string(name='AlertTypeMds', description='The internal code of the risk type.', example='${siem_rule_type_process_abnormal_command}'),
    aliuid?: long(name='Aliuid', description='The ID of the Alibaba Cloud account that is used to purchase the threat analysis feature.', example='127608589417****'),
    attCk?: string(name='AttCk', description='告警附加字段attck', example='T1595.002 Vulnerability Scanning'),
    dataType?: int32(name='DataType', description='自动化响应规则条件字段数据类型。', example='varchar'),
    eventTransferExt?: string(name='EventTransferExt', description='The extended information about event generation. If eventTransferType is set to allToSingle, the value of this parameter indicates the length and unit of the alert aggregation window. The HTML escape characters are reversed.', example='{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;MINUTE&quot;}'),
    eventTransferSwitch?: int32(name='EventTransferSwitch', description='Indicates whether the system generates an event for the alert. Valid values:

*   0: no
*   1: yes', example='1'),
    eventTransferType?: string(name='EventTransferType', description='The event generation method. Valid values:

*   default: The default method is used.
*   singleToSingle: The system generates an event for each alert.
*   allToSingle: The system generates an event for alerts within a period of time.', example='allToSingle'),
    gmtCreate?: string(name='GmtCreate', description='The time when the custom rule was created.', example='2021-01-06 16:37:29'),
    gmtModified?: string(name='GmtModified', description='The time when the custom rule was last updated.', example='2021-01-06 16:37:29'),
    id?: long(name='Id', description='The ID of the custom rule.', example='123456789'),
    logSource?: string(name='LogSource', description='The log source of the rule.', example='cloud_siem_aegis_sas_alert'),
    logSourceMds?: string(name='LogSourceMds', description='The internal code of the log source.', example='${sas.cloudsiem.prod.cloud_siem_aegis_sas_alert}'),
    logType?: string(name='LogType', description='The log type of the rule.', example='ALERT_ACTIVITY'),
    logTypeMds?: string(name='LogTypeMds', description='The internal code of the log type.', example='${security_event_config.event_name.webshellName_clientav}'),
    queryCycle?: string(name='QueryCycle', description='The window length of the rule. The HTML escape characters are reversed.', example='{&quot;time&quot;:&quot;1&quot;,&quot;unit&quot;:&quot;HOUR&quot;}'),
    ruleCondition?: string(name='RuleCondition', description='The query condition of the rule. The value is in the JSON format. The HTML escape characters are reversed.', example='[[{&quot;not&quot;:false,&quot;left&quot;:&quot;alert_name&quot;,&quot;operator&quot;:&quot;=&quot;,&quot;right&quot;:&quot;WEBSHELL&quot;}]]'),
    ruleDesc?: string(name='RuleDesc', description='The description of the rule.', example='this rule is for waf scan'),
    ruleGroup?: string(name='RuleGroup', description='The log aggregation field of the rule. The value is a JSON string. The HTML escape characters are reversed.', example='[&quot;asset_id&quot;]'),
    ruleName?: string(name='RuleName', description='The name of the rule.', example='waf_scan'),
    ruleThreshold?: string(name='RuleThreshold', description='The threshold configuration of the rule. The value is in the JSON format. The HTML escape characters are reversed.', example='{&quot;aggregateFunction&quot;:&quot;count&quot;,&quot;aggregateFunctionName&quot;:&quot;count&quot;,&quot;field&quot;:&quot;activity_name&quot;,&quot;operator&quot;:&quot;&lt;=&quot;,&quot;value&quot;:1}'),
    ruleType?: string(name='RuleType', description='The type of the rule. Valid values:

*   predefine
*   customize', example='customize'),
    status?: int32(name='Status', description='The rule status. Valid values:

*   0: The rule is in the initial state.
*   10: The simulation data is tested.
*   15: The business data is being tested.
*   20: The business data test ends.
*   100: The rule takes effect.', example='0'),
    threatLevel?: string(name='ThreatLevel', description='The risk level. Valid values:

*   serious: high
*   suspicious: medium
*   remind: low', example='remind'),
  }(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model PostCustomizeRuleResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostCustomizeRuleResponseBody(name='body'),
}

/**
 * @summary Creates or updates a custom rule.
 *
 * @param request PostCustomizeRuleRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostCustomizeRuleResponse
 */
async function postCustomizeRuleWithOptions(request: PostCustomizeRuleRequest, runtime: Util.RuntimeOptions): PostCustomizeRuleResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.alertType)) {
    body['AlertType'] = request.alertType;
  }
  if (!Util.isUnset(request.alertTypeMds)) {
    body['AlertTypeMds'] = request.alertTypeMds;
  }
  if (!Util.isUnset(request.attCk)) {
    body['AttCk'] = request.attCk;
  }
  if (!Util.isUnset(request.eventTransferExt)) {
    body['EventTransferExt'] = request.eventTransferExt;
  }
  if (!Util.isUnset(request.eventTransferSwitch)) {
    body['EventTransferSwitch'] = request.eventTransferSwitch;
  }
  if (!Util.isUnset(request.eventTransferType)) {
    body['EventTransferType'] = request.eventTransferType;
  }
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.logSource)) {
    body['LogSource'] = request.logSource;
  }
  if (!Util.isUnset(request.logSourceMds)) {
    body['LogSourceMds'] = request.logSourceMds;
  }
  if (!Util.isUnset(request.logType)) {
    body['LogType'] = request.logType;
  }
  if (!Util.isUnset(request.logTypeMds)) {
    body['LogTypeMds'] = request.logTypeMds;
  }
  if (!Util.isUnset(request.queryCycle)) {
    body['QueryCycle'] = request.queryCycle;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleCondition)) {
    body['RuleCondition'] = request.ruleCondition;
  }
  if (!Util.isUnset(request.ruleDesc)) {
    body['RuleDesc'] = request.ruleDesc;
  }
  if (!Util.isUnset(request.ruleGroup)) {
    body['RuleGroup'] = request.ruleGroup;
  }
  if (!Util.isUnset(request.ruleName)) {
    body['RuleName'] = request.ruleName;
  }
  if (!Util.isUnset(request.ruleThreshold)) {
    body['RuleThreshold'] = request.ruleThreshold;
  }
  if (!Util.isUnset(request.threatLevel)) {
    body['ThreatLevel'] = request.threatLevel;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostCustomizeRule',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates or updates a custom rule.
 *
 * @param request PostCustomizeRuleRequest
 * @return PostCustomizeRuleResponse
 */
async function postCustomizeRule(request: PostCustomizeRuleRequest): PostCustomizeRuleResponse {
  var runtime = new Util.RuntimeOptions{};
  return postCustomizeRuleWithOptions(request, runtime);
}

model PostCustomizeRuleTestRequest {
  id?: long(name='Id', description='The ID of the rule.', example='123456789'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  simulatedData?: string(name='SimulatedData', description='The simulation data for the test. This parameter is available only when TestType is set to simulate.', example='[{"key1":"value1","key2":"value2","key3":"value3","key4":"value4","key5":"value5"}]'),
  testType?: string(name='TestType', description='The test type. Valid values:

*   simulate: simulation data test
*   business: business data test', example='simulate'),
}

model PostCustomizeRuleTestResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: any(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model PostCustomizeRuleTestResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostCustomizeRuleTestResponseBody(name='body'),
}

/**
 * @summary Submits a custom rule for testing.
 *
 * @param request PostCustomizeRuleTestRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostCustomizeRuleTestResponse
 */
async function postCustomizeRuleTestWithOptions(request: PostCustomizeRuleTestRequest, runtime: Util.RuntimeOptions): PostCustomizeRuleTestResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.simulatedData)) {
    body['SimulatedData'] = request.simulatedData;
  }
  if (!Util.isUnset(request.testType)) {
    body['TestType'] = request.testType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostCustomizeRuleTest',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Submits a custom rule for testing.
 *
 * @param request PostCustomizeRuleTestRequest
 * @return PostCustomizeRuleTestResponse
 */
async function postCustomizeRuleTest(request: PostCustomizeRuleTestRequest): PostCustomizeRuleTestResponse {
  var runtime = new Util.RuntimeOptions{};
  return postCustomizeRuleTestWithOptions(request, runtime);
}

model PostEventDisposeAndWhiteruleListRequest {
  eventDispose?: string(name='EventDispose', description='The configuration of event handling. The value is a JSON object.', example='[
      {
            "playbookName": "WafBlockIP",
            "entityId": "104466118",
            "scope": [
                  "176618589410****"
            ],
            "startTime": 1604168946281,
            "endTime": 1614168946281
      },
      {
            "playbookName": "WafBlockIP",
            "entityId": "104466118",
            "scope": [
                  {
                        "instanceId": "waf-cn-n6w1oy1****",
                        "domains": [
                              "lmfip.wafqax.***"
                        ]
                  }
            ],
            "startTime": 1604168946281,
            "endTime": 1614168946281
      }
]'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  receiverInfo?: string(name='ReceiverInfo', description='The configuration of the alert recipient. The value is a JSON object.', example='{
      "messageTitle": "test",
      "receiver": "xiaowang",
      "channel": "message"
}'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  remark?: string(name='Remark', description='The remarks of the event.', example='dealed'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  status?: int32(name='Status', description='The status of the event. Valid values:

*   0: unhandled
*   1: handing
*   5: handling failed
*   10: handled', example='0'),
}

model PostEventDisposeAndWhiteruleListResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: string(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model PostEventDisposeAndWhiteruleListResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostEventDisposeAndWhiteruleListResponseBody(name='body'),
}

/**
 * @summary Submits event handling information.
 *
 * @param request PostEventDisposeAndWhiteruleListRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostEventDisposeAndWhiteruleListResponse
 */
async function postEventDisposeAndWhiteruleListWithOptions(request: PostEventDisposeAndWhiteruleListRequest, runtime: Util.RuntimeOptions): PostEventDisposeAndWhiteruleListResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.eventDispose)) {
    body['EventDispose'] = request.eventDispose;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.receiverInfo)) {
    body['ReceiverInfo'] = request.receiverInfo;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.remark)) {
    body['Remark'] = request.remark;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.status)) {
    body['Status'] = request.status;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostEventDisposeAndWhiteruleList',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Submits event handling information.
 *
 * @param request PostEventDisposeAndWhiteruleListRequest
 * @return PostEventDisposeAndWhiteruleListResponse
 */
async function postEventDisposeAndWhiteruleList(request: PostEventDisposeAndWhiteruleListRequest): PostEventDisposeAndWhiteruleListResponse {
  var runtime = new Util.RuntimeOptions{};
  return postEventDisposeAndWhiteruleListWithOptions(request, runtime);
}

model PostEventWhiteruleListRequest {
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  whiteruleList?: string(name='WhiteruleList', description='The alert whitelist rule. The value is a JSON object.

This parameter is required.', example='[
      {
            "alertName": "webshell",
            "alertNameId": "webshell",
            "alertType": "command",
            "alertTypeId": "command",
            "expression": {
                  "status": 1,
                  "conditions": [
                        {
                              "isNot": false,
                              "left": {
                                    "value": "file_path"
                              },
                              "operator": "gt",
                              "right": {
                                    "value": "cp"
                              }
                        }
                  ]
            }
      }
]'),
}

model PostEventWhiteruleListResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: string(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model PostEventWhiteruleListResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostEventWhiteruleListResponseBody(name='body'),
}

/**
 * @summary Submits an alert whitelist rule.
 *
 * @param request PostEventWhiteruleListRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostEventWhiteruleListResponse
 */
async function postEventWhiteruleListWithOptions(request: PostEventWhiteruleListRequest, runtime: Util.RuntimeOptions): PostEventWhiteruleListResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.whiteruleList)) {
    body['WhiteruleList'] = request.whiteruleList;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostEventWhiteruleList',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Submits an alert whitelist rule.
 *
 * @param request PostEventWhiteruleListRequest
 * @return PostEventWhiteruleListResponse
 */
async function postEventWhiteruleList(request: PostEventWhiteruleListRequest): PostEventWhiteruleListResponse {
  var runtime = new Util.RuntimeOptions{};
  return postEventWhiteruleListWithOptions(request, runtime);
}

model PostFinishCustomizeRuleTestRequest {
  id?: long(name='Id', description='The ID of the rule.', example='123456789'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model PostFinishCustomizeRuleTestResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: any(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model PostFinishCustomizeRuleTestResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostFinishCustomizeRuleTestResponseBody(name='body'),
}

/**
 * @summary Ends the test of a custom rule.
 *
 * @param request PostFinishCustomizeRuleTestRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostFinishCustomizeRuleTestResponse
 */
async function postFinishCustomizeRuleTestWithOptions(request: PostFinishCustomizeRuleTestRequest, runtime: Util.RuntimeOptions): PostFinishCustomizeRuleTestResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.id)) {
    body['Id'] = request.id;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostFinishCustomizeRuleTest',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Ends the test of a custom rule.
 *
 * @param request PostFinishCustomizeRuleTestRequest
 * @return PostFinishCustomizeRuleTestResponse
 */
async function postFinishCustomizeRuleTest(request: PostFinishCustomizeRuleTestRequest): PostFinishCustomizeRuleTestResponse {
  var runtime = new Util.RuntimeOptions{};
  return postFinishCustomizeRuleTestWithOptions(request, runtime);
}

model PostRuleStatusChangeRequest {
  ids?: string(name='Ids', description='The rule IDs. The value is a JSON array.', example='[123,345]'),
  inUse?: boolean(name='InUse', description='Specifies whether to enable the rule. Valid values:

*   true
*   false', example='true'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ruleType?: string(name='RuleType', description='The type of the rule. Valid values:

*   predefine
*   customize', example='customize'),
}

model PostRuleStatusChangeResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: any(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model PostRuleStatusChangeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: PostRuleStatusChangeResponseBody(name='body'),
}

/**
 * @summary Updates the status of a custom rule.
 *
 * @param request PostRuleStatusChangeRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return PostRuleStatusChangeResponse
 */
async function postRuleStatusChangeWithOptions(request: PostRuleStatusChangeRequest, runtime: Util.RuntimeOptions): PostRuleStatusChangeResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.ids)) {
    body['Ids'] = request.ids;
  }
  if (!Util.isUnset(request.inUse)) {
    body['InUse'] = request.inUse;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ruleType)) {
    body['RuleType'] = request.ruleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'PostRuleStatusChange',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Updates the status of a custom rule.
 *
 * @param request PostRuleStatusChangeRequest
 * @return PostRuleStatusChangeResponse
 */
async function postRuleStatusChange(request: PostRuleStatusChangeRequest): PostRuleStatusChangeResponse {
  var runtime = new Util.RuntimeOptions{};
  return postRuleStatusChangeWithOptions(request, runtime);
}

model RestoreCapacityRequest {
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model RestoreCapacityResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the release command has been sent. Valid values:

*   true: The command has been sent and the storage space is being released.
*   false: The command failed to be sent.', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-58D4-55B2-87B9-74D413F7****'),
}

model RestoreCapacityResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RestoreCapacityResponseBody(name='body'),
}

/**
 * @summary Releases storage to reduce the storage usage. The release operation is irreversible and may cause data loss. Proceed with caution.
 *
 * @param request RestoreCapacityRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RestoreCapacityResponse
 */
async function restoreCapacityWithOptions(request: RestoreCapacityRequest, runtime: Util.RuntimeOptions): RestoreCapacityResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'RestoreCapacity',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Releases storage to reduce the storage usage. The release operation is irreversible and may cause data loss. Proceed with caution.
 *
 * @param request RestoreCapacityRequest
 * @return RestoreCapacityResponse
 */
async function restoreCapacity(request: RestoreCapacityRequest): RestoreCapacityResponse {
  var runtime = new Util.RuntimeOptions{};
  return restoreCapacityWithOptions(request, runtime);
}

model SaveQuickQueryRequest {
  displayName?: string(name='DisplayName', description='The name of the saved search.

This parameter is required.', example='no_1_created_search_used_for_dispaly_ip'),
  query?: string(name='Query', description='The query statement.

This parameter is required.', example='* and dst_ip : "121.43.234.***"'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
}

model SaveQuickQueryResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the query statement is saved as a saved search. Valid values:

*   true
*   false', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='06735F17-1EDE-5212-81A3-8585368F****'),
}

model SaveQuickQueryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SaveQuickQueryResponseBody(name='body'),
}

/**
 * @summary Saves a query statement in log analysis as a saved search. This helps save the time required to write the query statement.
 *
 * @param request SaveQuickQueryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SaveQuickQueryResponse
 */
async function saveQuickQueryWithOptions(request: SaveQuickQueryRequest, runtime: Util.RuntimeOptions): SaveQuickQueryResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.displayName)) {
    body['DisplayName'] = request.displayName;
  }
  if (!Util.isUnset(request.query)) {
    body['Query'] = request.query;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'SaveQuickQuery',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Saves a query statement in log analysis as a saved search. This helps save the time required to write the query statement.
 *
 * @param request SaveQuickQueryRequest
 * @return SaveQuickQueryResponse
 */
async function saveQuickQuery(request: SaveQuickQueryRequest): SaveQuickQueryResponse {
  var runtime = new Util.RuntimeOptions{};
  return saveQuickQueryWithOptions(request, runtime);
}

model SetStorageRequest {
  region?: string(name='Region', description='The storage region of logs.

If the data management center is **cn-hangzhou**, the default value of **Region** is cn-shanghai, which specifies the China (Shanghai) region. If the data management center is **ap-southeast-1**, the default value of **Region** is ap-southeast-1, which specifies the Singapore region.

The region for log storage cannot be changed. To change the region, contact the technical support of threat analysis.', example='cn-shanghai'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
  ttl?: int32(name='Ttl', description='The storage duration of logs. Default value: 180. Minimum value: 30. Maximum value: 3000. Unit: days.

This parameter is required.', example='180'),
}

model SetStorageResponseBody = {
  data?: boolean(name='Data', description='Indicates whether the settings are saved. Valid values:

*   true:
*   false:', example='true'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-58D4-55B2-87B9-74D413F7****'),
}

model SetStorageResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetStorageResponseBody(name='body'),
}

/**
 * @summary Configures the settings of log storage, such as the storage duration and storage region.
 *
 * @param request SetStorageRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetStorageResponse
 */
async function setStorageWithOptions(request: SetStorageRequest, runtime: Util.RuntimeOptions): SetStorageResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.region)) {
    body['Region'] = request.region;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.ttl)) {
    body['Ttl'] = request.ttl;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'SetStorage',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Configures the settings of log storage, such as the storage duration and storage region.
 *
 * @param request SetStorageRequest
 * @return SetStorageResponse
 */
async function setStorage(request: SetStorageRequest): SetStorageResponse {
  var runtime = new Util.RuntimeOptions{};
  return setStorageWithOptions(request, runtime);
}

model ShowQuickAnalysisRequest {
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in the Chinese mainland or in the China (Hong Kong) region.
*   ap-southeast-1: Your assets reside in regions outside the Chinese mainland, excluding the China (Hong Kong) region.', example='cn-hangzhou'),
}

model ShowQuickAnalysisResponseBody = {
  data?: {
    indexList?: [ string ](name='IndexList', description='The index fields of the logs.'),
  }(name='Data', description='The index fields.'),
  requestId?: string(name='RequestId', description='The request ID.', example='2A4FBD89-C29D-5973-B882-CB2D23F6****'),
}

model ShowQuickAnalysisResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ShowQuickAnalysisResponseBody(name='body'),
}

/**
 * @summary Configures index fields to display in log analysis. The index fields can be used for quick analysis.
 *
 * @param request ShowQuickAnalysisRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ShowQuickAnalysisResponse
 */
async function showQuickAnalysisWithOptions(request: ShowQuickAnalysisRequest, runtime: Util.RuntimeOptions): ShowQuickAnalysisResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'ShowQuickAnalysis',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Configures index fields to display in log analysis. The index fields can be used for quick analysis.
 *
 * @param request ShowQuickAnalysisRequest
 * @return ShowQuickAnalysisResponse
 */
async function showQuickAnalysis(request: ShowQuickAnalysisRequest): ShowQuickAnalysisResponse {
  var runtime = new Util.RuntimeOptions{};
  return showQuickAnalysisWithOptions(request, runtime);
}

model SubmitImportLogTasksRequest {
  accounts?: string(name='Accounts', description='The accounts that you want to add. The value is a JSON array. Valid values:

*   AccountId: the IDs of the accounts.

*   Imported: specifies whether to add the accounts. Valid values:

    *   0: no
    *   1: yes', example='[{"AccountId":"123123","Imported":1}]'),
  autoImported?: int32(name='AutoImported', description='Specifies whether to automatically add the account for which the logging feature is configured. Valid values:

*   1: yes
*   0: no', example='["cloud_siem_qcloud_cfw_alert_log"]'),
  cloudCode?: string(name='CloudCode', description='The code that is used for multi-cloud environments. Valid values:

*   qcloud: Tencent Cloud
*   aliyun: Alibaba Cloud
*   hcloud: Huawei Cloud

This parameter is required.', example='hcloud'),
  logCodes?: string(name='LogCodes', description='The logs that you want to collect. The value is a JSON array.', example='["cloud_siem_qcloud_cfw_alert_log"]'),
  prodCode?: string(name='ProdCode', description='The code of the service.

This parameter is required.', example='qcloud_waf'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region where your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='0'),
}

model SubmitImportLogTasksResponseBody = {
  data?: {
    count?: int32(name='Count', description='The number of log collection tasks that are submitted.', example='10'),
  }(name='Data', description='The data returned.'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model SubmitImportLogTasksResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SubmitImportLogTasksResponseBody(name='body'),
}

/**
 * @summary Submits log collection tasks at a time.
 *
 * @param request SubmitImportLogTasksRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SubmitImportLogTasksResponse
 */
async function submitImportLogTasksWithOptions(request: SubmitImportLogTasksRequest, runtime: Util.RuntimeOptions): SubmitImportLogTasksResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.accounts)) {
    body['Accounts'] = request.accounts;
  }
  if (!Util.isUnset(request.autoImported)) {
    body['AutoImported'] = request.autoImported;
  }
  if (!Util.isUnset(request.cloudCode)) {
    body['CloudCode'] = request.cloudCode;
  }
  if (!Util.isUnset(request.logCodes)) {
    body['LogCodes'] = request.logCodes;
  }
  if (!Util.isUnset(request.prodCode)) {
    body['ProdCode'] = request.prodCode;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'SubmitImportLogTasks',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Submits log collection tasks at a time.
 *
 * @param request SubmitImportLogTasksRequest
 * @return SubmitImportLogTasksResponse
 */
async function submitImportLogTasks(request: SubmitImportLogTasksRequest): SubmitImportLogTasksResponse {
  var runtime = new Util.RuntimeOptions{};
  return submitImportLogTasksWithOptions(request, runtime);
}

model SubmitJobsRequest {
  jsonParam?: string(name='JsonParam', description='The parameters of the logs that you want to add. The value is a JSON array, which contains the following parameters:\\\\


*   SourceProdCode: the code of the cloud service.

*   SourceLogCode: the code of the log.

*   Deleted: specifies whether to add the log. Valid values:

    *   0: yes
    *   1: no

This parameter is required.', example='[{"SourceLogCode":"cloud_siem_aegis_health_check","SourceProdCode":"sas","SubUserId":120xxxxxxx,"Deleted":0},{"SourceLogCode":"cloud_siem_aegis_health_check","SourceProdCode":"sas","SubUserId":121xxxxxxxx,"Deleted":0},{"SourceLogCode":"cloud_siem_aegis_health_check","SourceProdCode":"sas","SubUserId":122xxxxxxx,"Deleted":1}]'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
}

model SubmitJobsResponseBody = {
  data?: int32(name='Data', description='The total number of tasks.', example='5'),
  requestId?: string(name='RequestId', description='The request ID.', example='6276D891-*****-55B2-87B9-74D413F7****'),
}

model SubmitJobsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SubmitJobsResponseBody(name='body'),
}

/**
 * @summary Submits multiple tasks that add logs to the threat analysis feature at a time. After the logs are added, you can perform alert and event analysis.
 *
 * @param request SubmitJobsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SubmitJobsResponse
 */
async function submitJobsWithOptions(request: SubmitJobsRequest, runtime: Util.RuntimeOptions): SubmitJobsResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.jsonParam)) {
    body['JsonParam'] = request.jsonParam;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'SubmitJobs',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Submits multiple tasks that add logs to the threat analysis feature at a time. After the logs are added, you can perform alert and event analysis.
 *
 * @param request SubmitJobsRequest
 * @return SubmitJobsResponse
 */
async function submitJobs(request: SubmitJobsRequest): SubmitJobsResponse {
  var runtime = new Util.RuntimeOptions{};
  return submitJobsWithOptions(request, runtime);
}

model UpdateAutomateResponseConfigStatusRequest {
  ids?: string(name='Ids', description='The IDs of the automatic response rules. The value is a JSON array.', example='[123,345]'),
  inUse?: boolean(name='InUse', description='Specifies whether the rule is enabled. Valid values:

*   true
*   false', example='true'),
  regionId?: string(name='RegionId', description='The data management center of the threat analysis feature. Specify this parameter based on the region in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions inside China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor', description='The ID of the account that you switch from the management account.', example='113091674488****'),
  roleType?: int32(name='RoleType', description='The type of the view. Valid values:
- 0: the current Alibaba Cloud account
- 1: the global account', example='1'),
}

model UpdateAutomateResponseConfigStatusResponseBody = {
  code?: int32(name='Code', description='The HTTP status code that is returned.', example='200'),
  data?: string(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model UpdateAutomateResponseConfigStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateAutomateResponseConfigStatusResponseBody(name='body'),
}

/**
 * @summary Updates the status of an automatic response rule.
 *
 * @param request UpdateAutomateResponseConfigStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateAutomateResponseConfigStatusResponse
 */
async function updateAutomateResponseConfigStatusWithOptions(request: UpdateAutomateResponseConfigStatusRequest, runtime: Util.RuntimeOptions): UpdateAutomateResponseConfigStatusResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.ids)) {
    body['Ids'] = request.ids;
  }
  if (!Util.isUnset(request.inUse)) {
    body['InUse'] = request.inUse;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'UpdateAutomateResponseConfigStatus',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Updates the status of an automatic response rule.
 *
 * @param request UpdateAutomateResponseConfigStatusRequest
 * @return UpdateAutomateResponseConfigStatusResponse
 */
async function updateAutomateResponseConfigStatus(request: UpdateAutomateResponseConfigStatusRequest): UpdateAutomateResponseConfigStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateAutomateResponseConfigStatusWithOptions(request, runtime);
}

model UpdateWhiteRuleListRequest {
  expression?: string(name='Expression', description='The alert whitelist rule. The value is a JSON object.

This parameter is required.', example='[
      {
            "alertName": "webshell",
            "alertNameId": "webshell",
            "alertType": "command",
            "alertTypeId": "command",
            "expression": {
                  "status": 1,
                  "conditions": [
                        {
                              "isNot": false,
                              "left": {
                                    "value": "file_path"
                              },
                              "operator": "gt",
                              "right": {
                                    "value": "cp"
                              }
                        }
                  ]
            }
      }
]'),
  incidentUuid?: string(name='IncidentUuid', description='The UUID of the event.', example='85ea4241-798f-4684-a876-65d4f0c3****'),
  regionId?: string(name='RegionId', description='The region in which the data management center of the threat analysis feature resides. Specify this parameter based on the regions in which your assets reside. Valid values:

*   cn-hangzhou: Your assets reside in regions in China.
*   ap-southeast-1: Your assets reside in regions outside China.', example='cn-hangzhou'),
  roleFor?: long(name='RoleFor'),
  roleType?: int32(name='RoleType'),
  whiteRuleId?: long(name='WhiteRuleId', description='The unique ID of the whitelist rule.

This parameter is required.', example='123456789'),
}

model UpdateWhiteRuleListResponseBody = {
  code?: int32(name='Code', description='The HTTP status code.', example='200'),
  data?: any(name='Data', description='The data returned.', example='123456'),
  message?: string(name='Message', description='The returned message.', example='success'),
  requestId?: string(name='RequestId', description='The request ID.', example='9AAA9ED9-78F4-5021-86DC-D51C7511****'),
  success?: boolean(name='Success', description='Indicates whether the request was successful. Valid values:

*   true
*   false', example='true'),
}

model UpdateWhiteRuleListResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateWhiteRuleListResponseBody(name='body'),
}

/**
 * @summary Creates or updates an alert whitelist rule.
 *
 * @param request UpdateWhiteRuleListRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateWhiteRuleListResponse
 */
async function updateWhiteRuleListWithOptions(request: UpdateWhiteRuleListRequest, runtime: Util.RuntimeOptions): UpdateWhiteRuleListResponse {
  Util.validateModel(request);
  var body : map[string]any = {};
  if (!Util.isUnset(request.expression)) {
    body['Expression'] = request.expression;
  }
  if (!Util.isUnset(request.incidentUuid)) {
    body['IncidentUuid'] = request.incidentUuid;
  }
  if (!Util.isUnset(request.regionId)) {
    body['RegionId'] = request.regionId;
  }
  if (!Util.isUnset(request.roleFor)) {
    body['RoleFor'] = request.roleFor;
  }
  if (!Util.isUnset(request.roleType)) {
    body['RoleType'] = request.roleType;
  }
  if (!Util.isUnset(request.whiteRuleId)) {
    body['WhiteRuleId'] = request.whiteRuleId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApi.Params{
    action = 'UpdateWhiteRuleList',
    version = '2022-06-16',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates or updates an alert whitelist rule.
 *
 * @param request UpdateWhiteRuleListRequest
 * @return UpdateWhiteRuleListResponse
 */
async function updateWhiteRuleList(request: UpdateWhiteRuleListRequest): UpdateWhiteRuleListResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateWhiteRuleListWithOptions(request, runtime);
}

